July 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Jul 2025-Jul Final 1.0 871 2026-05-19T01:42:54 July 2025 Security Updates 2025-07-08T07:00:00 2026-05-19T01:42:54 <h2 id="this-release-consists-of-the-following-137-microsoft-cves">This release consists of the following 137 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Service Fabric</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21195">CVE-2025-21195</a></td> <td>6.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26636">CVE-2025-26636</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33054">CVE-2025-33054</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47158">CVE-2025-47158</a></td> <td>9.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>N/A</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtualization-Based Security (VBS) Enclave</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47159">CVE-2025-47159</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Configuration Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47178">CVE-2025-47178</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Virtual Hard Disk (VHDX)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47971">CVE-2025-47971</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Input Method Editor (IME)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47972">CVE-2025-47972</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Virtual Hard Disk (VHDX)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47973">CVE-2025-47973</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SSDP Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47975">CVE-2025-47975</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SSDP Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47976">CVE-2025-47976</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47978">CVE-2025-47978</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Imaging Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47980">CVE-2025-47980</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SPNEGO Extended Negotiation</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47981">CVE-2025-47981</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Storage VSP Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47982">CVE-2025-47982</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows GDI</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47984">CVE-2025-47984</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Event Tracing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47985">CVE-2025-47985</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Universal Print Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47986">CVE-2025-47986</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cred SSProvider Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47987">CVE-2025-47987</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Monitor Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47988">CVE-2025-47988</a></td> <td>7.5</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Input Method Editor (IME)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47991">CVE-2025-47991</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PC Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47993">CVE-2025-47993</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47994">CVE-2025-47994</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Machine Learning</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47995">CVE-2025-47995</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MBT Transport driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47996">CVE-2025-47996</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47998">CVE-2025-47998</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47999">CVE-2025-47999</a></td> <td>6.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48000">CVE-2025-48000</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48001">CVE-2025-48001</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48002">CVE-2025-48002</a></td> <td>5.7</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48003">CVE-2025-48003</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48799">CVE-2025-48799</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48800">CVE-2025-48800</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SMB</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48802">CVE-2025-48802</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtualization-Based Security (VBS) Enclave</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48803">CVE-2025-48803</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48804">CVE-2025-48804</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft MPEG-2 Video Extension</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48805">CVE-2025-48805</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft MPEG-2 Video Extension</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48806">CVE-2025-48806</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48808">CVE-2025-48808</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48809">CVE-2025-48809</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Kernel Mode</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48810">CVE-2025-48810</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtualization-Based Security (VBS) Enclave</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48811">CVE-2025-48811</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48812">CVE-2025-48812</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48814">CVE-2025-48814</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SSDP Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48815">CVE-2025-48815</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>HID class driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48816">CVE-2025-48816</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48817">CVE-2025-48817</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48818">CVE-2025-48818</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Universal Plug and Play (UPnP) Device Host</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48819">CVE-2025-48819</a></td> <td>7.1</td> <td>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows AppX Deployment Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48820">CVE-2025-48820</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Universal Plug and Play (UPnP) Device Host</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48821">CVE-2025-48821</a></td> <td>7.1</td> <td>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48822">CVE-2025-48822</a></td> <td>8.6</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48823">CVE-2025-48823</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48824">CVE-2025-48824</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49657">CVE-2025-49657</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TDX.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49658">CVE-2025-49658</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TDX.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49659">CVE-2025-49659</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Event Tracing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49660">CVE-2025-49660</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49661">CVE-2025-49661</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49663">CVE-2025-49663</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows User-Mode Driver Framework Host</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49664">CVE-2025-49664</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Workspace Broker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49665">CVE-2025-49665</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49666">CVE-2025-49666</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - ICOMP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49667">CVE-2025-49667</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49668">CVE-2025-49668</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49669">CVE-2025-49669</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49670">CVE-2025-49670</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49671">CVE-2025-49671</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49672">CVE-2025-49672</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49673">CVE-2025-49673</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49674">CVE-2025-49674</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Kernel Streaming WOW Thunk Service Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49675">CVE-2025-49675</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49676">CVE-2025-49676</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49677">CVE-2025-49677</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49678">CVE-2025-49678</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49679">CVE-2025-49679</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Performance Recorder</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49680">CVE-2025-49680</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49681">CVE-2025-49681</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49682">CVE-2025-49682</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Virtual Hard Disk (VHDX)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49683">CVE-2025-49683</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Storage Port Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49684">CVE-2025-49684</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49685">CVE-2025-49685</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49686">CVE-2025-49686</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Input Method Editor (IME)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49687">CVE-2025-49687</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49688">CVE-2025-49688</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Virtual Hard Disk (VHDX)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49689">CVE-2025-49689</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Capability Access Management Service (camsvc)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49690">CVE-2025-49690</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49691">CVE-2025-49691</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49693">CVE-2025-49693</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49694">CVE-2025-49694</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49695">CVE-2025-49695</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49696">CVE-2025-49696</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49697">CVE-2025-49697</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49698">CVE-2025-49698</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49699">CVE-2025-49699</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49700">CVE-2025-49700</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49701">CVE-2025-49701</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49702">CVE-2025-49702</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49703">CVE-2025-49703</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49704">CVE-2025-49704</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office PowerPoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49705">CVE-2025-49705</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49706">CVE-2025-49706</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49711">CVE-2025-49711</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49713">CVE-2025-49713</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code - Python extension</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49714">CVE-2025-49714</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Netlogon</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49716">CVE-2025-49716</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49717">CVE-2025-49717</a></td> <td>8.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49718">CVE-2025-49718</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49719">CVE-2025-49719</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Fast FAT Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49721">CVE-2025-49721</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Print Spooler Components</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49722">CVE-2025-49722</a></td> <td>5.7</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows StateRepository API</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49723">CVE-2025-49723</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49724">CVE-2025-49724</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Notification</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49725">CVE-2025-49725</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Notification</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49726">CVE-2025-49726</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49727">CVE-2025-49727</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49729">CVE-2025-49729</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows QoS scheduler</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49730">CVE-2025-49730</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49731">CVE-2025-49731</a></td> <td>3.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49732">CVE-2025-49732</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - ICOMP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49733">CVE-2025-49733</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows KDC Proxy Service (KPSSVC)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49735">CVE-2025-49735</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49737">CVE-2025-49737</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PC Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49738">CVE-2025-49738</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49739">CVE-2025-49739</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SmartScreen</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49740">CVE-2025-49740</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49741">CVE-2025-49741</a></td> <td>7.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49742">CVE-2025-49742</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49744">CVE-2025-49744</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Machine Learning</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49746">CVE-2025-49746</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Machine Learning</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49747">CVE-2025-49747</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49753">CVE-2025-49753</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Office Developer Platform</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49756">CVE-2025-49756</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49760">CVE-2025-49760</a></td> <td>3.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Purview</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53762">CVE-2025-53762</a></td> <td>8.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53770">CVE-2025-53770</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53771">CVE-2025-53771</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-13-non-microsoft-cves">We are republishing 13 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>AMD</td> <td>AMD Store Queue</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-36350">CVE-2024-36350</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27613">CVE-2025-27613</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27614">CVE-2025-27614</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>AMD</td> <td>AMD L1 Data Queue</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-36357">CVE-2025-36357</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-46334">CVE-2025-46334</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-46835">CVE-2025-46835</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48384">CVE-2025-48384</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48385">CVE-2025-48385</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48386">CVE-2025-48386</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6554">CVE-2025-6554</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6558">CVE-2025-6558</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-7656">CVE-2025-7656</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-7657">CVE-2025-7657</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5062554">5062554</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5062557">5062557</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5062560">5062560</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5062572">5062572</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5062618">5062618</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5062624">5062624</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows Server 2025 (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2025 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows App Client for Windows Desktop Remote Desktop client for Windows Desktop Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2012 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Azure Service Fabric Azure Machine Learning Azure Monitor Agent Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Office Online Server Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC for Mac 2024 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Teams for Android Microsoft Teams for iOS Microsoft Teams for Desktop Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Office for Android Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Teams for Mac, New Edition Microsoft Purview Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft SQL Server 2019 for x64-based Systems (CU 32) Microsoft SQL Server 2022 for x64-based Systems (CU 19) Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.12 Microsoft Visual Studio 2022 version 17.14 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Python extension for Visual Studio Code Microsoft Visual Studio 2015 Update 3 Azure DevOps Microsoft Configuration Manager 2503 Microsoft Edge (Chromium-based) Microsoft PC Manager Azure Linux 3.0 x64 Azure Linux 3.0 ARM azl3 kernel 6.6.92.2-2 on Azure Linux 3.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Visual Studio 2010 Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Visual Studio 2012 Update 5 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 version 15.6.6 Microsoft Visual Studio 2017 version 15.7.5 Expression Blend 4 Service Pack 3 Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) Microsoft Visual Studio 2017 version 15.8 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Visual Studio Code Windows Admin Center Windows Server, version 1903 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft Visual Studio 2017 version 15.0 Microsoft Visual Studio 2019 version 16.0 Microsoft Visual Studio 2019 version 16.1 Microsoft Visual Studio 2019 version 16.2 Microsoft Visual Studio 2019 version 16.3 Windows Server, version 1909 (Server Core installation) Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Microsoft Visual Studio Live Share extension Microsoft Visual Studio Code Live Share extension Azure Service Fabric Microsoft Visual Studio 2019 version 16.5 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows Server, version 2004 (Server Core installation) Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Microsoft Visual Studio Code ESLint extension Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Microsoft Visual Studio 2019 version 16.8 Visual Studio Code Remote - SSH Extension Visual Studio Code TS-Lint Extension Microsoft SQL Server 2019 for x64-based Systems (GDR) Visual Studio Code Language Support for Java Extension Remote Desktop client for Windows Desktop Microsoft Teams for iOS Visual Studio Code - npm-script Extension Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7) Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Python extension for Visual Studio Code Visual Studio 2019 for Mac Mono 6.12.0 Microsoft Quantum Development Kit for Visual Studio Code Visual Studio Code - Java Extension Pack Visual Studio Code Remote - Containers Extension Visual Studio Code - Kubernetes Tools Visual Studio Code - Maven for Java Extension Visual Studio Code - GitHub Pull Requests and Issues Extension Visual Studio 2019 for Mac version 8.9 Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9) Visual Studio 2019 for Mac version 8.10 .NET Education Bundle SDK Install Tool .NET Install Tool for Extension Authors Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Visual Studio 2022 version 17.0 Visual Studio Code WSL Extension Azure DevOps Microsoft Teams for Android Microsoft Visual Studio 2022 version 17.1 Microsoft Visual Studio 2022 version 17.2 Visual Studio 2022 for Mac version 17.0 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft Visual Studio 2022 version 17.3 Visual Studio 2022 for Mac version 17.3 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Jupyter Extension for Visual Studio Code Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Visual Studio 2022 version 17.4 Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Azure Machine Learning Microsoft Office for Android Microsoft Visual Studio 2022 version 17.5 Microsoft Teams for Desktop Microsoft Visual Studio 2022 version 17.6 Microsoft Teams for Mac, New Edition Microsoft Visual Studio 2022 version 17.7 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.9 Microsoft Visual Studio 2022 version 17.10 Azure Monitor Agent Microsoft Purview Azure Linux 3.0 x64 Azure Linux 3.0 ARM Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Microsoft Visual Studio 2022 version 17.11 Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft PC Manager Windows App Client for Windows Desktop Microsoft Visual Studio 2022 version 17.12 Visual Studio Installer Microsoft Visual Studio 2022 version 17.13 Visual Studio Tools for Applications (VSTA) 2019 Visual Studio Tools for Applications (VSTA) 2022 VSTA 2022 SDK VSTA 2019 SDK Microsoft Visual Studio 2022 version 17.14 Microsoft SQL Server 2022 for x64-based Systems (CU 19) Microsoft SQL Server 2019 for x64-based Systems (CU 32) Microsoft Configuration Manager 2503 cbl2 libdb 5.3.28-7 on CBL Mariner 2.0 azl3 kernel 6.6.96.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 httpd 2.4.62-1 on CBL Mariner 2.0 cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0 azl3 libxslt 1.1.43-1 on Azure Linux 3.0 azl3 gnutls 3.8.3-4 on Azure Linux 3.0 azl3 unbound 1.19.1-4 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 httpd 2.4.62-1 on Azure Linux 3.0 azl3 hdf5 1.14.4.3-1 on Azure Linux 3.0 cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0 cbl2 tcl 8.6.13-3 on CBL Mariner 2.0 azl3 tcl 8.6.13-3 on Azure Linux 3.0 cbl2 libssh 0.10.6-1 on CBL Mariner 2.0 azl3 libssh 0.10.6-1 on Azure Linux 3.0 azl3 gdk-pixbuf2 2.42.10-2 on Azure Linux 3.0 azl3 crash 8.0.4-4 on Azure Linux 3.0 azl3 libdb 5.3.28-9 on Azure Linux 3.0 cbl2 php 8.1.32-1 on CBL Mariner 2.0 azl3 mariadb 10.11.11-1 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 azl3 vim 9.1.1198-1 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-4 on Azure Linux 3.0 azl3 sysbench 1.0.20-6 on Azure Linux 3.0 azl3 httpd 2.4.64-1 on Azure Linux 3.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 cbl2 python3 3.9.19-14 on CBL Mariner 2.0 cm2 luajit 2.1.0-27 on CBL Mariner 2.0 cbl2 httpd 2.4.64-1 on CBL Mariner 2.0 cbl2 ceph 16.2.10-9 on CBL Mariner 2.0 cbl2 php 8.1.33-1 on CBL Mariner 2.0 cbl2 mysql 8.0.42-1 on CBL Mariner 2.0 cbl2 redis 6.2.18-2 on CBL Mariner 2.0 cbl2 gnutls 3.7.11-4 on CBL Mariner 2.0 cm2 redis 6.2.18-3 on CBL Mariner 2.0 cbl2 mysql 8.0.43-1 on CBL Mariner 2.0 cbl2 ceph 16.2.10-8 on CBL Mariner 2.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 cm2 helm 3.14.2-7 on CBL Mariner 2.0 cbl2 vim 9.1.1552-1 on CBL Mariner 2.0 cbl2 httpd 2.4.65-1 on CBL Mariner 2.0 cbl2 sqlite 3.39.2-4 on CBL Mariner 2.0 cm2 gdk-pixbuf2 2.40.0-8 on CBL Mariner 2.0 azl3 glibc 2.38-11 on Azure Linux 3.0 azl3 mysql 8.0.42-1 on Azure Linux 3.0 azl3 valkey 8.0.3-3 on Azure Linux 3.0 azl3 valkey 8.0.4-1 on Azure Linux 3.0 azl3 gnutls 3.8.3-5 on Azure Linux 3.0 azl3 glib 2.78.6-2 on Azure Linux 3.0 azl3 rust 1.75.0-16 on Azure Linux 3.0 azl3 mtr 0.95-3 on Azure Linux 3.0 azl3 ceph 18.2.2-9 on Azure Linux 3.0 azl3 libssh 0.10.6-2 on Azure Linux 3.0 azl3 vim 9.1.1552-1 on Azure Linux 3.0 azl3 httpd 2.4.65-1 on Azure Linux 3.0 azl3 gnutls 3.8.3-6 on Azure Linux 3.0 azl3 gdk-pixbuf2 2.42.10-4 on Azure Linux 3.0 azl3 polkit 123-3 on Azure Linux 3.0 azl3 binutils 2.41-7 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl2-6 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 azl3 kernel 6.6.85.1-4 on Azure Linux 3.0 cbl2 gdk-pixbuf2 2.40.0-6 on CBL Mariner 2.0 cbl2 golang 1.18.8-8 on CBL Mariner 2.0 cbl2 sqlite 3.39.2-3 on CBL Mariner 2.0 cbl2 unbound 1.19.1-3 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0 cbl2 nghttp2 1.57.0-2 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-2 on CBL Mariner 2.0 azl3 gdb 13.2-4 on Azure Linux 3.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 azl3 kernel 6.6.92.2-2 on Azure Linux 3.0 cbl2 glib 2.71.0-5 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0 cbl2 helm 3.14.2-6 on CBL Mariner 2.0 azl3 python3 3.12.9-4 on Azure Linux 3.0 cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0 azl3 qemu 8.2.0-17 on Azure Linux 3.0 cbl2 tar 1.34-3 on CBL Mariner 2.0 azl3 nvidia-container-toolkit 1.15.0-1 on Azure Linux 3.0 cbl2 mariadb 10.6.21-1 on CBL Mariner 2.0 cbl2 crash 8.0.1-4 on CBL Mariner 2.0 azl3 libtiff 4.6.0-7 on Azure Linux 3.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 cbl2 golang 1.22.7-4 on CBL Mariner 2.0 cbl2 reaper 3.1.1-19 on CBL Mariner 2.0 cbl2 libdb 5.3.28-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-7 on CBL Mariner 2.0 azl3 tar 1.35-2 on Azure Linux 3.0 cbl2 gnutls 3.7.11-3 on CBL Mariner 2.0 azl3 rust 1.86.0-4 on Azure Linux 3.0 cbl2 httpd 2.4.62-1 on CBL Mariner 2.0 azl3 php 8.3.23-1 on Azure Linux 3.0 cbl2 php 8.1.32-1 on CBL Mariner 2.0 azl3 sysbench 1.0.20-5 on Azure Linux 3.0 cbl2 libssh 0.10.6-1 on CBL Mariner 2.0 cbl2 apache-commons-lang3 3.8.1-5 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-7 on CBL Mariner 2.0 azl3 apache-commons-lang3 3.8.1-6 on Azure Linux 3.0 cbl2 javapackages-bootstrap 1.5.0-7 on CBL Mariner 2.0 azl3 libsoup 3.4.4-9 on Azure Linux 3.0 cbl2 libxslt 1.1.34-8 on CBL Mariner 2.0 cbl2 gdb 11.2-6 on CBL Mariner 2.0 cbl2 binutils 2.37-15 on CBL Mariner 2.0 cbl2 redis 6.2.18-1 on CBL Mariner 2.0 cbl2 ruby 3.1.7-2 on CBL Mariner 2.0 azl3 ruby 3.3.5-5 on Azure Linux 3.0 azl3 mtr 0.95-2 on Azure Linux 3.0 cbl2 mysql 8.0.42-1 on CBL Mariner 2.0 azl3 kata-containers-cc 3.15.0.aks0-4 on Azure Linux 3.0 azl3 rust 1.86.0-3 on Azure Linux 3.0 cbl2 iputils 20211215-3 on CBL Mariner 2.0 azl3 iputils 20240117-2 on Azure Linux 3.0 azl3 sqlite 3.44.0-2 on Azure Linux 3.0 cbl2 vim 9.1.1198-1 on CBL Mariner 2.0 cbl2 luajit 2.1.0-26 on CBL Mariner 2.0 cbl2 sysbench 1.0.20-2 on CBL Mariner 2.0 cbl2 python3 3.9.19-14 on CBL Mariner 2.0 azl3 nghttp2 1.61.0-2 on Azure Linux 3.0 cbl2 ceph 16.2.10-8 on CBL Mariner 2.0 cbl2 polkit 0.119-4 on CBL Mariner 2.0 azl3 rust 1.75.0-17 on Azure Linux 3.0 cbl2 luajit 2.1.0-27 on CBL Mariner 2.0 azl3 bind 9.20.11-1 on Azure Linux 3.0 azl3 kata-containers 3.18.0.kata0-3 on Azure Linux 3.0 azl3 python-jwt 2.8.0-1 on Azure Linux 3.0 cbl2 python-jwt 2.3.0-1 on CBL Mariner 2.0 cbl2 tcl 8.6.13-3 on CBL Mariner 2.0 cbl2 rubygem-thor 1.2.1-2 on CBL Mariner 2.0 cbl2 nvidia-container-toolkit 1.11.0-1 on CBL Mariner 2.0 cbl2 httpd 2.4.64-1 on CBL Mariner 2.0 cbl2 golang 1.18.8-9 on CBL Mariner 2.0 cbl2 binutils 2.37-16 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-9 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-3 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 cbl2 apache-commons-lang3 3.8.1-6 on CBL Mariner 2.0 cbl2 ruby 3.1.7-3 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-8 on CBL Mariner 2.0 cbl2 rubygem-thor 1.2.1-3 on CBL Mariner 2.0 cbl2 iputils 20211215-4 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-8 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 gdb 13.2-5 on Azure Linux 3.0 azl3 libssh 0.10.6-3 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-5 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0 azl3 rust 1.75.0-18 on Azure Linux 3.0 azl3 glibc 2.38-12 on Azure Linux 3.0 Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems cbl2 gdb 11.2-7 on CBL Mariner 2.0 cbl2 binutils 2.37-17 on CBL Mariner 2.0 cbl2 libssh 0.10.6-3 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 binutils 2.41-9 on Azure Linux 3.0 azl3 glibc 2.38-14 on Azure Linux 3.0 azl3 rust 1.75.0-20 on Azure Linux 3.0 cbl2 crash 8.0.1-5 on CBL Mariner 2.0 cbl2 rust 1.72.0-11 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 glibc 2.38-15 on Azure Linux 3.0 azl3 libxml2 2.11.5-7 on Azure Linux 3.0 azl3 rust 1.75.0-21 on Azure Linux 3.0 azl3 libssh 0.10.6-4 on Azure Linux 3.0 cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 cbl2 libxslt 1.1.34-9 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-11 on CBL Mariner 2.0 cbl2 libssh 0.10.6-5 on CBL Mariner 2.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 libxslt 1.1.43-3 on Azure Linux 3.0 azl3 pytorch 2.2.2-9 on Azure Linux 3.0 azl3 rust 1.75.0-22 on Azure Linux 3.0 azl3 libssh 0.10.6-5 on Azure Linux 3.0 azl3 hdf5 1.14.6-1 on Azure Linux 3.0 cbl2 hdf5 1.14.6-1 on CBL Mariner 2.0 cbl2 libxslt 1.1.34-10 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 pytorch 2.2.2-10 on Azure Linux 3.0 azl3 php 8.3.29-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0 azl3 libxml2 2.11.5-8 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 azl3 rust 1.75.0-24 on Azure Linux 3.0 cbl2 pytorch 2.0.0-12 on CBL Mariner 2.0 cbl2 rust 1.72.0-13 on CBL Mariner 2.0 azl3 pytorch 2.2.2-11 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-14 on CBL Mariner 2.0 cbl2 rust 1.72.0-14 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 azl3 rust 1.75.0-25 on Azure Linux 3.0 azl3 pytorch 2.2.2-12 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 cbl2 pytorch 2.0.0-15 on CBL Mariner 2.0 cbl2 rust 1.72.0-15 on CBL Mariner 2.0 azl3 rust 1.75.0-27 on Azure Linux 3.0 azl3 gdb 13.2-7 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 rust 1.75.0-28 on Azure Linux 3.0 azl3 crash 9.0.0-2 on Azure Linux 3.0 azl3 pytorch 2.2.2-14 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 None Available Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) f2fs: fix to bail out in get_new_segment() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38333 17085-17084 19683-17084 20553-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 21248-17084 20412-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 17085-17084 19683-17084 20553-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 21248-17084 20412-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 17085-17084 19683-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21248-17084 20412-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-11-20T01:02:13 <p>Information published.</p> 3.0 2025-11-25T01:38:04 <p>Information published.</p> 4.0 2025-12-07T01:44:24 <p>Information published.</p> 5.0 2026-01-08T14:41:58 <p>Information published.</p> 6.0 2026-01-20T14:36:31 <p>Information published.</p> 7.0 2026-02-18T03:08:06 <p>Information published.</p> 8.0 2026-03-04T14:46:26 <p>Information published.</p> 9.0 2026-03-31T14:39:07 <p>Information published.</p> 10.0 2026-04-29T14:58:12 <p>Information published.</p> 12.0 2026-05-11T01:49:23 <p>Information published.</p> 1.0 2025-08-21T18:00:17 <p>Information published.</p> 11.0 2026-05-06T14:51:17 <p>Information published.</p> 13.0 2026-05-17T14:50:37 <p>Information published.</p> LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25178 Out-of-bounds Read 19527-17084 20314-17086 20174-17084 19536-16823 20311-17086 19527-17084 20314-17086 20174-17084 19536-16823 20311-17086 Important 19527-17084 Important 20314-17086 Important 20174-17084 Important 19536-16823 Important 20311-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19527-17084 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20314-17086 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20174-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19536-16823 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20311-17086 CBL-Mariner Releases 19527-17084 20174-17084 No Security Update 1.0.20-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19527-17084 20174-17084 CBL-Mariner Releases CBL-Mariner Releases 20314-17086 No Security Update 1.0.20-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20314-17086 CBL-Mariner Releases CBL-Mariner Releases 19536-16823 20311-17086 No Security Update 2.1.0-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19536-16823 20311-17086 CBL-Mariner Releases 2.0 2025-07-25T00:00:00 <p>Added luajit to CBL-Mariner 2.0 Added sysbench to CBL-Mariner 2.0 Added sysbench to Azure Linux 3.0</p> 1.0 2025-07-19T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:02:06 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50080 19570-16823 20247-17086 19547-17086 19591-17084 19570-16823 20247-17086 19547-17086 19591-17084 Moderate 19570-16823 20247-17086 Moderate 19547-17086 Moderate 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 CBL-Mariner Releases 19570-16823 20247-17086 19547-17086 19591-17084 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 20247-17086 19547-17086 19591-17084 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:45:57 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50081 Improper Access Control 19570-16823 20247-17086 19591-17084 19547-17086 19570-16823 20247-17086 19591-17084 19547-17086 Low 19570-16823 20247-17086 Low 19591-17084 Low 19547-17086 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N 19570-16823 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U 20247-17086 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U 19591-17084 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U 19547-17086 CBL-Mariner Releases 19570-16823 20247-17086 19591-17084 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 20247-17086 19591-17084 19547-17086 CBL-Mariner Releases 2.0 2026-02-18T02:09:32 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50084 Incorrect Authorization 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 2.0 2026-02-18T01:29:00 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50085 19570-16823 19591-17084 19547-17086 20247-17086 19570-16823 19591-17084 19547-17086 20247-17086 Moderate 19570-16823 Moderate 19591-17084 Moderate 19547-17086 20247-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19570-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19591-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19547-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19591-17084 19547-17086 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 19547-17086 20247-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:32:10 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50092 19570-16823 19547-17086 19591-17084 20247-17086 19570-16823 19547-17086 19591-17084 20247-17086 Moderate 19570-16823 Moderate 19547-17086 Moderate 19591-17084 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19547-17086 19591-17084 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19547-17086 19591-17084 20247-17086 CBL-Mariner Releases 2.0 2026-02-18T01:38:34 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50093 19570-16823 20247-17086 19547-17086 19591-17084 19570-16823 20247-17086 19547-17086 19591-17084 Moderate 19570-16823 20247-17086 Moderate 19547-17086 Moderate 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 CBL-Mariner Releases 19570-16823 20247-17086 19547-17086 19591-17084 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 20247-17086 19547-17086 19591-17084 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:33:13 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50098 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Low 19570-16823 Low 19591-17084 20247-17086 Low 19547-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19570-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19591-17084 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 20247-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:31:04 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50099 19570-16823 19591-17084 19547-17086 20247-17086 19570-16823 19591-17084 19547-17086 20247-17086 Moderate 19570-16823 Moderate 19591-17084 Moderate 19547-17086 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19591-17084 19547-17086 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 19547-17086 20247-17086 CBL-Mariner Releases 2.0 2026-02-18T01:24:56 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50100 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Low 19570-16823 Low 19591-17084 20247-17086 Low 19547-17086 2.2 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 19570-16823 2.2 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 19591-17084 2.2 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20247-17086 2.2 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:40:35 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50102 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:25:59 <p>Information published.</p> Ceph is vulnerable to authentication bypass through RadosGW <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-48916 Insufficient Verification of Data Authenticity 19531-17084 19573-17086 19540-16823 20322-17086 19622-17084 19531-17084 19573-17086 19540-16823 20322-17086 19622-17084 Important 19531-17084 Important 19573-17086 Important 19540-16823 20322-17086 Important 19622-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19531-17084 9.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P 19573-17086 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19540-16823 9.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P 20322-17086 9.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P 19622-17084 CBL-Mariner Releases 19531-17084 19622-17084 No Security Update 18.2.2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19531-17084 19622-17084 CBL-Mariner Releases CBL-Mariner Releases 19573-17086 19540-16823 20322-17086 No Security Update 16.2.10-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19573-17086 19540-16823 20322-17086 CBL-Mariner Releases 1.0 2025-08-09T00:00:00 <p>Information published.</p> 3.0 2026-02-21T04:20:33 <p>Information published.</p> 2.0 2025-08-11T00:00:00 <p>Added ceph to CBL-Mariner 2.0</p> Null byte termination in hostnames <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2025-1220 Server-Side Request Forgery (SSRF) 19545-16823 20163-17084 20169-17086 20800-17084 19238-17086 19545-16823 20163-17084 20169-17086 20800-17084 19238-17086 Low 19545-16823 Low 20163-17084 20169-17086 Low 20800-17084 Low 19238-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 19545-16823 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 20163-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 20169-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 20800-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 19238-17086 CBL-Mariner Releases 19545-16823 20169-17086 19238-17086 No Security Update 8.1.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19545-16823 20169-17086 19238-17086 CBL-Mariner Releases 4.0 2026-04-15T01:38:32 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-01-08T14:43:02 <p>Information published.</p> 3.0 2026-02-18T01:09:35 <p>Information published.</p> Apache HTTP Server: mod_ssl access control bypass with session resumption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2025-23048 Improper Access Control 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 Important 19537-16823 Important 19528-17084 20148-17086 Important 17686-17084 Important 17276-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19537-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19528-17084 8.6 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 20148-17086 8.6 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 17686-17084 8.6 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 17276-17086 CBL-Mariner Releases 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 CBL-Mariner Releases 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 1.0 2025-07-17T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:16:15 <p>Information published.</p> Gnutls: vulnerability in gnutls sct extension parsing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32989 Improper Certificate Validation 19552-16823 19597-17084 20134-17086 17479-17084 19552-16823 19597-17084 20134-17086 17479-17084 Moderate 19552-16823 Moderate 19597-17084 Moderate 20134-17086 Moderate 17479-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19552-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19597-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 20134-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17479-17084 CBL-Mariner Releases 19552-16823 20134-17086 No Security Update 3.7.11-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19552-16823 20134-17086 CBL-Mariner Releases CBL-Mariner Releases 19597-17084 17479-17084 No Security Update 3.8.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19597-17084 17479-17084 CBL-Mariner Releases 1.0 2025-07-15T00:00:00 <p>Information published.</p> 2.0 2025-07-25T00:00:00 <p>Added gnutls to CBL-Mariner 2.0 Added gnutls to Azure Linux 3.0</p> 2.1 2026-02-18T01:05:35 <p>Information published.</p> x86/iopl: Cure TIF_IO_BITMAP inconsistencies <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38100 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:48:52 <p>Information published.</p> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38102 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:30:03 <p>Information published.</p> net_sched: red: fix a race in __red_change() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38108 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:03:06 <p>Information published.</p> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38110 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:51:11 <p>Information published.</p> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38113 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:02:04 <p>Information published.</p> Bluetooth: MGMT: Protect mgmt_pending list with its own lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38117 17085-17084 19880-17084 17087-17086 21093-17086 20925-17086 17085-17084 19880-17084 17087-17086 21093-17086 20925-17086 Moderate 17085-17084 Moderate 19880-17084 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-11-22T01:01:42 <p>Information published.</p> 3.0 2026-03-03T14:47:00 <p>Information published.</p> 4.0 2026-03-31T14:59:55 <p>Information published.</p> 2.1 2026-02-18T01:44:07 <p>Information published.</p> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38118 17085-17084 19880-17084 17087-17086 21093-17086 20925-17086 17085-17084 19880-17084 17087-17086 21093-17086 20925-17086 Important 17085-17084 Important 19880-17084 Important 17087-17086 Important 21093-17086 Important 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:31:43 <p>Information published.</p> 3.0 2026-03-03T14:44:23 <p>Information published.</p> 4.0 2026-03-31T14:54:16 <p>Information published.</p> 2.0 2025-12-19T01:01:45 <p>Information published.</p> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38126 Divide By Zero 17085-17084 20925-17086 21093-17086 19880-17084 17087-17086 17085-17084 20925-17086 21093-17086 19880-17084 17087-17086 Important 17085-17084 Moderate 20925-17086 Moderate 21093-17086 Important 19880-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-19T01:01:50 <p>Information published.</p> 2.1 2026-02-18T01:27:15 <p>Information published.</p> 3.0 2026-03-03T14:44:40 <p>Information published.</p> 4.0 2026-03-31T14:54:42 <p>Information published.</p> ice: fix Tx scheduler error handling in XDP callback <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38127 17085-17084 17087-17086 21093-17086 19880-17084 20925-17086 17085-17084 17087-17086 21093-17086 19880-17084 20925-17086 Moderate 17085-17084 Moderate 17087-17086 Moderate 21093-17086 Moderate 19880-17084 Moderate 20925-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 2.0 2025-11-22T01:01:52 <p>Information published.</p> 2.1 2026-02-18T02:05:27 <p>Information published.</p> 3.0 2026-03-03T14:47:39 <p>Information published.</p> 4.0 2026-03-31T15:00:41 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> hwmon: (asus-ec-sensors) check sensor index in read_string() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38142 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:36:27 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> net: phy: mscc: Fix memory leak when using one step timestamping <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38148 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:01:44 <p>Information published.</p> 2.1 2026-02-18T01:33:52 <p>Information published.</p> 3.0 2026-02-24T14:37:14 <p>Information published.</p> wifi: ath9k_htc: Abort software beacon handling if disabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38157 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:33:01 <p>Information published.</p> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38155 19880-17084 19880-17084 Moderate 19880-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:46:49 <p>Information published.</p> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38160 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:01:01 <p>Information published.</p> f2fs: fix to do sanity check on sbi->total_valid_block_count <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38163 NULL Pointer Dereference 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:48:11 <p>Information published.</p> fs/ntfs3: handle hdr_first_de() return value <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38167 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:07:18 <p>Information published.</p> thunderbolt: Do not double dequeue a configuration request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38174 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:09:35 <p>Information published.</p> crypto: marvell/cesa - Handle zero-length skcipher requests <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38173 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:35:48 <p>Information published.</p> net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38183 Out-of-bounds Write 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:44:01 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38184 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:54:42 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> net_sched: sch_sfq: reject invalid perturb period <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38193 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:50:58 <p>Information published.</p> fbcon: Make sure modelist not set on unregistered console <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38198 17087-17086 19880-17084 20925-17086 21093-17086 17087-17086 19880-17084 20925-17086 21093-17086 Important 17087-17086 Moderate 19880-17084 Important 20925-17086 Important 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:02:04 <p>Information published.</p> 2.1 2026-02-18T02:13:54 <p>Information published.</p> 3.0 2026-03-03T14:45:49 <p>Information published.</p> 4.0 2026-03-31T14:56:40 <p>Information published.</p> i40e: fix MMIO write access to an invalid page in i40e_clear_hw <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38200 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:42:03 <p>Information published.</p> bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38202 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:24:49 <p>Information published.</p> ipc: fix to protect IPCS lookups using RCU <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38212 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:53:07 <p>Information published.</p> fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38215 17085-17084 17087-17086 20925-17086 21093-17086 19880-17084 17085-17084 17087-17086 20925-17086 21093-17086 19880-17084 Moderate 17085-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 2.0 2025-12-20T01:02:10 <p>Information published.</p> 3.0 2026-03-03T14:46:05 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:24:02 <p>Information published.</p> 4.0 2026-03-31T14:57:04 <p>Information published.</p> f2fs: fix to do sanity check on sit_bitmap_size <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38218 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:18:53 <p>Information published.</p> ext4: inline: fix len overflow in ext4_prepare_inline_data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38222 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:47:47 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> media: vivid: Change the siize of the composing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38226 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:21:45 <p>Information published.</p> af_unix: Don't leave consecutive consumed OOB skbs. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38236 17085-17084 19880-17084 17087-17086 17085-17084 19880-17084 17087-17086 Important 17085-17084 Important 19880-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:56:23 <p>Information published.</p> 3.0 2026-02-24T14:37:28 <p>Information published.</p> 2.0 2025-12-20T01:02:25 <p>Information published.</p> scsi: megaraid_sas: Fix invalid node index <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38239 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:03:00 <p>Information published.</p> atm: clip: prevent NULL deref in clip_push() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38251 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-20T01:02:39 <p>Information published.</p> 3.0 2026-02-24T14:37:51 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.1 2026-02-18T03:05:12 <p>Information published.</p> s390/pkey: Prevent overflow in size calculation for memdup_user() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38257 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-20T01:02:44 <p>Information published.</p> 3.0 2026-01-08T01:39:24 <p>Information published.</p> 3.1 2026-02-18T03:05:38 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> tty: serial: uartlite: register uart driver in init <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38262 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:02:54 <p>Information published.</p> 2.1 2026-02-18T03:02:34 <p>Information published.</p> 3.0 2026-02-24T14:37:58 <p>Information published.</p> bcache: fix NULL pointer in cache_set_flush() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38263 NULL Pointer Dereference 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-20T01:02:59 <p>Information published.</p> 3.0 2026-01-13T01:40:34 <p>Information published.</p> 3.1 2026-02-18T03:04:45 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38277 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T15:06:39 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38278 19880-17084 19880-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:02:53 <p>Information published.</p> pinctrl: at91: Fix possible out-of-boundary access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38286 19880-17084 19880-17084 Important 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:08:12 <p>Information published.</p> bpf: Fix WARN() in get_bpf_raw_tp_regs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38285 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:05:04 <p>Information published.</p> Bluetooth: Fix NULL pointer deference on eir_get_service_data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38304 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:04:20 <p>Information published.</p> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38305 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T15:05:40 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> bus: fsl-mc: fix double-free on mc_dev <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38313 Double Free 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 7.1 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:R 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:10:30 <p>Information published.</p> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38319 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:01:39 <p>Information published.</p> mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38324 17085-17084 19880-17084 17085-17084 19880-17084 Low 17085-17084 Low 19880-17084 3.3 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:04:40 <p>Information published.</p> aoe: clean device rq_list in aoedev_downdev() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38326 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:09:39 <p>Information published.</p> scsi: lpfc: Use memcpy() for BIOS version <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38332 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.8 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:10:41 <p>Information published.</p> ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38336 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:00:56 <p>Information published.</p> software node: Correct a OOB check in software_node_get_reference_args() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38342 Out-of-bounds Read 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:03:58 <p>Information published.</p> ACPICA: fix acpi parse and parseext cache leaks <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38344 Missing Release of Memory after Effective Lifetime 19880-17084 19880-17084 Moderate 19880-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:06:09 <p>Information published.</p> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38352 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 5.1 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:18:24 <p>Information published.</p> drm/msm/gpu: Fix crash when throttling GPU immediately during boot <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38354 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:56:00 <p>Information published.</p> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38368 NULL Pointer Dereference 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:48:38 <p>Information published.</p> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38369 17085-17084 17087-17086 21093-17086 19880-17084 20925-17086 17085-17084 17087-17086 21093-17086 19880-17084 20925-17086 Important 17085-17084 Moderate 17087-17086 Moderate 21093-17086 Important 19880-17084 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-11-20T01:02:28 <p>Information published.</p> 2.1 2026-02-21T03:58:54 <p>Information published.</p> 3.0 2026-03-03T14:42:01 <p>Information published.</p> 4.0 2026-03-31T14:52:27 <p>Information published.</p> remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38419 Missing Release of Memory after Effective Lifetime 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:41:48 <p>Information published.</p> wifi: carl9170: do not ping device which has failed to load firmware <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38420 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:49:34 <p>Information published.</p> Input: ims-pcu - check record size in ims_pcu_flash_firmware() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38428 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-21T03:45:55 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> bus: mhi: ep: Update read pointer only after buffer is written <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38429 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-21T03:45:07 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> do_change_type(): refuse to operate on unmounted/not ours mounts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38498 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T04:19:45 <p>Information published.</p> Redis DoS Vulnerability due to bad connection error handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-48367 Allocation of Resources Without Limits or Throttling 19566-16823 19593-17084 19592-17084 20238-17086 19566-16823 19593-17084 19592-17084 20238-17086 Important 19566-16823 Important 19593-17084 Important 19592-17084 Important 20238-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19566-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19593-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19592-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20238-17086 CBL-Mariner Releases 19566-16823 20238-17086 No Security Update 6.2.18-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19566-16823 20238-17086 CBL-Mariner Releases CBL-Mariner Releases 19593-17084 19592-17084 No Security Update 8.0.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19593-17084 19592-17084 CBL-Mariner Releases 2.0 2025-07-29T00:00:00 <p>Added valkey to Azure Linux 3.0 Added redis to CBL-Mariner 2.0</p> 2.1 2026-02-18T02:58:11 <p>Information published.</p> 1.0 2025-07-16T00:00:00 <p>Information published.</p> Apache HTTP Server: mod_proxy_http2 denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2025-49630 Reachable Assertion 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 Moderate 19537-16823 Moderate 19528-17084 20148-17086 Moderate 17686-17084 Moderate 17276-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19537-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19528-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20148-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 17686-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 17276-17086 CBL-Mariner Releases 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 3.0 2026-02-18T01:20:21 <p>Information published.</p> Apache HTTP Server: mod_ssl TLS upgrade attack <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2025-49812 Improper Authentication 19537-16823 19528-17084 17686-17084 20148-17086 17276-17086 19537-16823 19528-17084 17686-17084 20148-17086 17276-17086 Important 19537-16823 Important 19528-17084 Important 17686-17084 20148-17086 Important 17276-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 19537-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 19528-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20148-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17276-17086 CBL-Mariner Releases 19537-16823 19528-17084 17686-17084 20148-17086 17276-17086 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19537-16823 19528-17084 17686-17084 20148-17086 17276-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 3.0 2026-02-18T01:08:42 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50078 Uncontrolled Resource Consumption 19570-16823 19591-17084 19547-17086 20247-17086 19570-16823 19591-17084 19547-17086 20247-17086 Moderate 19570-16823 Moderate 19591-17084 Moderate 19547-17086 20247-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19570-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19591-17084 19547-17086 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 19547-17086 20247-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:44:53 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50091 Uncontrolled Resource Consumption 19570-16823 20247-17086 19547-17086 19591-17084 19570-16823 20247-17086 19547-17086 19591-17084 Moderate 19570-16823 20247-17086 Moderate 19547-17086 Moderate 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 CBL-Mariner Releases 19570-16823 20247-17086 19547-17086 19591-17084 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 20247-17086 19547-17086 19591-17084 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:43:42 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50096 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 2.0 2026-02-18T01:28:02 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vim has path traversal issue with zip.vim and special crafted zip archives <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-53906 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19576-16823 19624-17084 19409-17084 20302-17086 19576-16823 19624-17084 19409-17084 20302-17086 Moderate 19576-16823 Low 19624-17084 Low 19409-17084 Moderate 20302-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 19576-16823 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 19624-17084 4.1 3.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L/E:U 19409-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 20302-17086 CBL-Mariner Releases 19576-16823 19624-17084 19409-17084 20302-17086 No Security Update 9.1.1552-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19576-16823 19624-17084 19409-17084 20302-17086 CBL-Mariner Releases 1.1 2026-02-18T01:51:27 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Libssh: invalid return code for chacha20 poly1305 with openssl backend <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-5987 Return of Wrong Status Code 19574-16823 19623-17084 18214-17084 18208-17086 20179-17086 19574-16823 19623-17084 18214-17084 18208-17086 20179-17086 Moderate 19574-16823 Moderate 19623-17084 Moderate 18214-17084 Moderate 18208-17086 20179-17086 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19574-16823 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19623-17084 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 18214-17084 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 18208-17086 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 20179-17086 CBL-Mariner Releases 19574-16823 19623-17084 18214-17084 18208-17086 20179-17086 No Security Update 0.10.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19574-16823 19623-17084 18214-17084 18208-17086 20179-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 3.0 2026-02-18T02:55:49 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added libssh to CBL-Mariner 2.0 Added libssh to Azure Linux 3.0</p> NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2025-6491 NULL Pointer Dereference 19545-16823 20163-17084 20169-17086 19238-17086 19545-16823 20163-17084 20169-17086 19238-17086 Moderate 19545-16823 Moderate 20163-17084 20169-17086 Moderate 19238-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19545-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20163-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20169-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19238-17086 CBL-Mariner Releases 19545-16823 20169-17086 19238-17086 No Security Update 8.1.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19545-16823 20169-17086 19238-17086 CBL-Mariner Releases 2.0 2025-11-25T01:37:22 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:10:25 <p>Information published.</p> SQLite integer overflow in key info allocation may lead to information disclosure. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-7458 Integer Overflow or Wraparound 19582-16823 19759-17086 19582-16823 19759-17086 Moderate 19582-16823 Moderate 19759-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19582-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19759-17086 CBL-Mariner Releases 19582-16823 19759-17086 No Security Update 3.39.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19582-16823 19759-17086 CBL-Mariner Releases 1.0 2025-08-14T00:00:00 <p>Information published.</p> 1.1 2026-02-21T04:19:16 <p>Information published.</p> GNU Binutils objcopy.c copy_section heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-7545 Heap-based Buffer Overflow 19634-17084 20219-17086 20376-17086 19634-17084 20219-17086 20376-17086 Moderate 19634-17084 20219-17086 Moderate 20376-17086 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 19634-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20219-17086 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20376-17086 CBL-Mariner Releases 19634-17084 No Security Update 2.41-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19634-17084 CBL-Mariner Releases CBL-Mariner Releases 20219-17086 20376-17086 No Security Update 2.37-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20219-17086 20376-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> perf: Revert to requiring CAP_SYS_ADMIN for uprobes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38466 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T21:49:02 <p>Information published.</p> 2.0 2025-12-24T01:03:53 <p>Information published.</p> 3.0 2026-02-24T14:39:56 <p>Information published.</p> ksmbd: fix potential use-after-free in oplock/lease break ack <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38437 Use After Free 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2025-12-24T01:02:38 <p>Information published.</p> 1.0 2025-09-03T21:51:00 <p>Information published.</p> 3.0 2026-01-08T01:39:46 <p>Information published.</p> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38439 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Important 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T21:53:44 <p>Information published.</p> 2.0 2025-12-24T01:02:43 <p>Information published.</p> 3.0 2026-02-24T14:38:21 <p>Information published.</p> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38458 NULL Pointer Dereference 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Important 20412-17084 19683-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T21:55:15 <p>Information published.</p> 3.0 2026-02-24T14:39:05 <p>Information published.</p> 2.0 2025-12-24T01:03:18 <p>Information published.</p> wifi: ath12k: Fix memory leak due to multiple rx_stats allocation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38199 Missing Release of Memory after Effective Lifetime 20412-17084 19683-17084 20553-17084 20412-17084 19683-17084 20553-17084 20412-17084 19683-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-03T21:57:17 <p>Information published.</p> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38456 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T21:57:59 <p>Information published.</p> Unexpected command execution in untrusted VCS repositories in cmd/go <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-4674 External Control of File Name or Path 20123-17086 20387-17086 19755-17086 20366-17086 20123-17086 20387-17086 19755-17086 20366-17086 20123-17086 Important 20387-17086 19755-17086 Important 20366-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 20123-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 20387-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 19755-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 20366-17086 CBL-Mariner Releases 20123-17086 20387-17086 No Security Update 1.22.7-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20123-17086 20387-17086 CBL-Mariner Releases CBL-Mariner Releases 20366-17086 No Security Update 1.18.8-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20366-17086 CBL-Mariner Releases 1.0 2025-09-03T21:59:38 <p>Information published.</p> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38393 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2025-12-25T01:01:35 <p>Information published.</p> 1.0 2025-09-03T22:00:09 <p>Information published.</p> 3.0 2026-02-24T14:40:39 <p>Information published.</p> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38399 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2025-12-25T01:01:45 <p>Information published.</p> 1.0 2025-09-03T22:02:33 <p>Information published.</p> 3.0 2026-02-24T14:40:54 <p>Information published.</p> GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in wh <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-45582 Path Traversal: &#39;../filedir&#39; 20131-17084 20044-17086 20131-17084 20044-17086 Moderate 20131-17084 Moderate 20044-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 20131-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 20044-17086 1.0 2025-09-03T22:05:01 <p>Information published.</p> netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38201 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 20613-17084 Low 17087-17086 Low 20725-17084 Low 20788-17084 Low 20823-17084 Low 20860-17084 Low 20925-17086 Low 21093-17086 19683-17084 20412-17084 Low 20553-17084 Low 20613-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17087-17086 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20725-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20788-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20823-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20860-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20925-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21093-17086 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 19683-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20412-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20553-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 20613-17084 3.0 2025-12-07T01:43:28 <p>Information published.</p> 4.0 2026-01-08T14:41:08 <p>Information published.</p> 5.0 2026-01-20T14:35:40 <p>Information published.</p> 6.0 2026-02-18T02:42:44 <p>Information published.</p> 7.0 2026-02-27T14:35:47 <p>Information published.</p> 8.0 2026-03-03T14:40:30 <p>Information published.</p> 9.0 2026-03-31T14:50:52 <p>Information published.</p> 1.0 2025-09-03T22:05:15 <p>Information published.</p> 2.0 2025-11-20T01:01:37 <p>Information published.</p> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38396 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:07:59 <p>Information published.</p> jfs: Fix null-ptr-deref in jfs_ioc_trim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38203 19683-17084 20412-17084 20553-17084 19683-17084 20412-17084 20553-17084 19683-17084 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-03T22:07:31 <p>Information published.</p> genirq/irq_sim: Initialize work context pointers properly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38408 17087-17086 20925-17086 21093-17086 17085-17084 17087-17086 20925-17086 21093-17086 17085-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Important 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.0 2025-09-03T22:10:26 <p>Information published.</p> 2.0 2025-11-21T01:02:19 <p>Information published.</p> 2.1 2026-02-18T15:12:19 <p>Information published.</p> 3.0 2026-03-03T14:45:12 <p>Information published.</p> 4.0 2026-03-31T14:56:16 <p>Information published.</p> virtio-net: ensure the received length does not exceed allocated size <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38375 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:12:59 <p>Information published.</p> 2.0 2025-12-18T01:02:15 <p>Information published.</p> 3.0 2026-02-24T14:36:58 <p>Information published.</p> sched/rt: Fix race in push_rt_task <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38234 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21093-17086 19683-17084 20412-17084 Moderate 20553-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-03T22:13:44 <p>Information published.</p> 2.0 2025-11-19T14:34:52 <p>Information published.</p> 3.0 2025-11-20T01:01:57 <p>Information published.</p> 4.0 2025-12-07T01:43:38 <p>Information published.</p> 6.0 2026-01-20T14:35:50 <p>Information published.</p> 7.0 2026-02-18T02:44:42 <p>Information published.</p> 8.0 2026-02-27T14:35:52 <p>Information published.</p> 9.0 2026-03-03T14:41:25 <p>Information published.</p> 10.0 2026-03-31T14:52:01 <p>Information published.</p> 5.0 2026-01-08T14:41:18 <p>Information published.</p> drm/amdgpu: Add basic validation for RAS header <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38426 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20925-17086 21093-17086 20788-17084 20860-17084 20956-17084 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20925-17086 21093-17086 20788-17084 20860-17084 20956-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20788-17084 Moderate 20860-17084 Moderate 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 1.0 2025-09-03T22:15:19 <p>Information published.</p> 2.0 2025-11-21T01:02:24 <p>Information published.</p> 3.0 2025-12-07T01:46:25 <p>Information published.</p> 4.0 2026-01-08T14:43:45 <p>Information published.</p> 7.0 2026-03-03T14:45:30 <p>Information published.</p> 8.0 2026-03-04T14:47:15 <p>Information published.</p> 10.0 2026-03-31T14:56:38 <p>Information published.</p> 5.0 2026-01-20T14:37:55 <p>Information published.</p> 6.0 2026-02-18T15:12:43 <p>Information published.</p> 9.0 2026-03-28T14:36:18 <p>Information published.</p> mtk-sd: Prevent memory corruption from DMA map failure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38401 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:17:52 <p>Information published.</p> 2.0 2025-12-25T01:01:55 <p>Information published.</p> 3.0 2026-02-24T14:41:08 <p>Information published.</p> NFSD: fix race between nfsd registration and exports_proc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38232 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 20553-17084 20860-17084 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 20553-17084 20860-17084 19683-17084 20412-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20553-17084 Moderate 20860-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20860-17084 2.0 2025-11-20T01:01:52 <p>Information published.</p> 3.0 2025-12-07T01:43:48 <p>Information published.</p> 6.0 2026-02-18T02:46:22 <p>Information published.</p> 7.0 2026-02-27T14:35:57 <p>Information published.</p> 8.0 2026-03-03T14:41:07 <p>Information published.</p> 9.0 2026-03-31T14:51:38 <p>Information published.</p> 1.0 2025-09-03T22:20:10 <p>Information published.</p> 4.0 2026-01-08T14:41:28 <p>Information published.</p> 5.0 2026-01-20T14:36:00 <p>Information published.</p> net/sched: Abort __tc_modify_qdisc if parent class does not exist <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38457 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:21:10 <p>Information published.</p> 2.0 2025-12-24T01:03:13 <p>Information published.</p> 3.0 2026-02-24T14:38:57 <p>Information published.</p> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38385 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:23:41 <p>Information published.</p> md/raid1: Fix stack memory use after return in raid1_reshape <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38445 Out-of-bounds Read 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Important 20412-17084 19683-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:25:33 <p>Information published.</p> 2.0 2025-12-24T01:03:03 <p>Information published.</p> 3.0 2026-02-24T14:38:50 <p>Information published.</p> mtd: spinand: fix memory leak of ECC engine conf <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38384 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:36:07 <p>Information published.</p> 1.0 2025-09-03T22:28:21 <p>Information published.</p> 2.0 2025-12-17T01:01:17 <p>Information published.</p> vsock: Fix transport_{g2h,h2g} TOCTOU <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38462 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:39:35 <p>Information published.</p> 1.0 2025-09-03T22:31:00 <p>Information published.</p> 2.0 2025-12-24T01:03:38 <p>Information published.</p> exfat: fix double free in delayed_free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38206 17085-17084 17085-17084 Important 17085-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.0 2025-09-03T22:31:13 <p>Information published.</p> 1.1 2026-02-18T02:48:53 <p>Information published.</p> wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38414 17085-17084 17085-17084 Important 17085-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.1 2026-02-18T15:13:36 <p>Information published.</p> 1.0 2025-09-03T22:33:00 <p>Information published.</p> mm: fix uprobe pte be overwritten when expanding vma <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38207 20412-17084 20553-17084 20613-17084 19683-17084 17087-17086 20412-17084 20553-17084 20613-17084 19683-17084 17087-17086 20412-17084 Moderate 20553-17084 Moderate 20613-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 17087-17086 2.0 2025-11-20T01:01:42 <p>Information published.</p> 4.0 2025-11-25T01:37:16 <p>Information published.</p> 1.0 2025-09-03T22:33:43 <p>Information published.</p> 3.0 2025-11-20T01:35:14 <p>Information published.</p> s390/mm: Fix in_atomic() handling in do_secure_storage_access() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38359 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20823-17084 20956-17084 21332-17084 17087-17086 20788-17084 20860-17084 21094-17084 21248-17084 21308-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20823-17084 20956-17084 21332-17084 17087-17086 20788-17084 20860-17084 21094-17084 21248-17084 21308-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21332-17084 Moderate 17087-17086 Moderate 20788-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 4.0 2025-12-07T01:46:35 <p>Information published.</p> 6.0 2026-01-20T14:38:06 <p>Information published.</p> 7.0 2026-02-18T15:13:48 <p>Information published.</p> 8.0 2026-03-04T14:47:23 <p>Information published.</p> 10.0 2026-04-29T14:38:31 <p>Information published.</p> 12.0 2026-05-11T01:50:17 <p>Information published.</p> 1.0 2025-09-03T22:35:46 <p>Information published.</p> 2.0 2025-11-20T01:02:18 <p>Information published.</p> 3.0 2025-11-25T01:37:39 <p>Information published.</p> 5.0 2026-01-08T14:43:55 <p>Information published.</p> 9.0 2026-03-31T14:42:29 <p>Information published.</p> 11.0 2026-05-06T14:52:01 <p>Information published.</p> 13.0 2026-05-17T14:51:29 <p>Information published.</p> Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2025-48924 Uncontrolled Recursion 20181-17086 20187-17084 20189-17086 19822-17084 20391-17086 20181-17086 20187-17084 20189-17086 19822-17084 20391-17086 20181-17086 Moderate 20187-17084 Moderate 20189-17086 Moderate 19822-17084 Moderate 20391-17086 5.3 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20181-17086 5.3 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20187-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20189-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19822-17084 5.3 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20391-17086 CBL-Mariner Releases 20181-17086 20187-17084 20391-17086 No Security Update 3.8.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20181-17086 20187-17084 20391-17086 CBL-Mariner Releases 1.0 2025-09-03T22:42:41 <p>Information published.</p> 1.1 2026-02-18T01:12:57 <p>Information published.</p> netlink: Fix wraparounds of sk->sk_rmem_alloc. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38465 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:38:53 <p>Information published.</p> 2.0 2025-12-24T01:03:48 <p>Information published.</p> 3.0 2026-02-24T14:39:49 <p>Information published.</p> ACPICA: Refuse to evaluate a method if arguments are missing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38386 Use After Free 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:42:21 <p>Information published.</p> 2.0 2025-12-17T01:01:22 <p>Information published.</p> 3.0 2026-02-24T14:36:15 <p>Information published.</p> btrfs: fix iteration of extrefs during log replay <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38382 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:45:15 <p>Information published.</p> vsock/vmci: Clear the vmci transport packet properly when initializing it <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38403 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:47:47 <p>Information published.</p> 2.0 2025-12-25T01:02:01 <p>Information published.</p> 3.0 2026-02-24T14:41:16 <p>Information published.</p> HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-7067 Heap-based Buffer Overflow 17741-17084 20755-17084 19980-17086 17336-17086 20762-17086 17741-17084 20755-17084 19980-17086 17336-17086 20762-17086 Low 17741-17084 Low 20755-17084 19980-17086 Low 17336-17086 Low 20762-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 17741-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20755-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 19980-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 17336-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20762-17086 CBL-Mariner Releases 17741-17084 20755-17084 17336-17086 20762-17086 No Security Update 1.14.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17741-17084 20755-17084 17336-17086 20762-17086 CBL-Mariner Releases 1.0 2025-09-03T22:51:04 <p>Information published.</p> 3.0 2025-12-20T01:37:56 <p>Information published.</p> 2.0 2025-12-16T01:37:35 <p>Information published.</p> 4.0 2026-01-02T14:38:18 <p>Information published.</p> 5.0 2026-01-08T14:43:25 <p>Information published.</p> tcp: Correct signedness in skb remaining space calculation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38463 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:50:41 <p>Information published.</p> ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38438 17085-17084 17087-17086 17085-17084 17087-17086 Important 17085-17084 Moderate 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2025-11-21T01:02:34 <p>Information published.</p> 3.0 2025-11-25T01:38:45 <p>Information published.</p> 3.1 2026-02-21T03:27:06 <p>Information published.</p> 1.0 2025-09-03T22:53:23 <p>Information published.</p> HDF5 H5FL.c H5FL__malloc memory leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-7068 Missing Release of Memory after Effective Lifetime 19980-17086 17741-17084 17336-17086 20762-17086 20755-17084 19980-17086 17741-17084 17336-17086 20762-17086 20755-17084 19980-17086 Low 17741-17084 Low 17336-17086 Low 20762-17086 Low 20755-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 19980-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 17741-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 17336-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20762-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20755-17084 CBL-Mariner Releases 17741-17084 17336-17086 20762-17086 20755-17084 No Security Update 1.14.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17741-17084 17336-17086 20762-17086 20755-17084 CBL-Mariner Releases 1.0 2025-09-03T22:54:55 <p>Information published.</p> 2.0 2025-12-16T01:37:28 <p>Information published.</p> 5.0 2026-01-08T14:43:14 <p>Information published.</p> 3.0 2025-12-20T01:38:05 <p>Information published.</p> 4.0 2026-01-02T14:38:23 <p>Information published.</p> smb: client: fix warning when reconnecting channel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38379 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:56:14 <p>Information published.</p> vsock: Fix transport_* TOCTOU <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38461 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 19683-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:59:09 <p>Information published.</p> 2.0 2025-12-24T01:03:33 <p>Information published.</p> 3.0 2026-02-24T14:39:26 <p>Information published.</p> drm/gem: Acquire references on GEM handles for framebuffers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38449 19683-17084 17087-17086 20925-17086 20412-17084 21093-17086 19683-17084 17087-17086 20925-17086 20412-17084 21093-17086 19683-17084 Moderate 17087-17086 Moderate 20925-17086 Important 20412-17084 Moderate 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:02:28 <p>Information published.</p> 2.0 2025-11-21T01:02:39 <p>Information published.</p> 3.0 2026-03-03T14:46:06 <p>Information published.</p> 4.0 2026-03-31T14:57:26 <p>Information published.</p> drm/amd/display: Check dce_hwseq before dereferencing it <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38361 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20553-17084 20860-17084 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20553-17084 20860-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Important 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20553-17084 Moderate 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 1.0 2025-09-03T23:05:17 <p>Information published.</p> 4.0 2025-12-07T01:46:46 <p>Information published.</p> 6.0 2026-01-20T14:38:17 <p>Information published.</p> 7.0 2026-02-21T03:30:50 <p>Information published.</p> 8.0 2026-02-27T14:36:11 <p>Information published.</p> 2.0 2025-11-20T01:02:23 <p>Information published.</p> 3.0 2025-11-25T01:37:46 <p>Information published.</p> 5.0 2026-01-08T14:44:05 <p>Information published.</p> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38364 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:08:55 <p>Information published.</p> media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38237 19880-17084 19880-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19880-17084 1.0 2025-09-03T23:10:02 <p>Information published.</p> 1.1 2026-02-18T02:56:48 <p>Information published.</p> nbd: fix uaf in nbd_genl_connect() error path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38443 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:38:35 <p>Information published.</p> 1.0 2025-09-03T23:12:00 <p>Information published.</p> 2.0 2025-12-24T01:02:53 <p>Information published.</p> Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-52496 Compiler Optimization Removal or Modification of Security-critical Code 20035-17084 17093-17086 19662-17086 20035-17084 17093-17086 19662-17086 Important 20035-17084 Important 17093-17086 19662-17086 7.8 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P 20035-17084 7.8 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P 17093-17086 7.8 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P 19662-17086 1.0 2025-09-03T23:18:31 <p>Information published.</p> 2.0 2026-02-18T01:21:15 <p>Information published.</p> netfs: Fix double put of request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38411 17085-17084 17085-17084 Moderate 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 1.0 2025-09-03T23:21:36 <p>Information published.</p> 1.1 2026-02-21T03:35:12 <p>Information published.</p> : null pointer dereference in libssh kex session id calculation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-8114 NULL Pointer Dereference 19623-17084 20111-17086 19574-17086 20628-17084 20695-17086 20418-17084 20532-17086 20746-17084 19623-17084 20111-17086 19574-17086 20628-17084 20695-17086 20418-17084 20532-17086 20746-17084 19623-17084 20111-17086 Moderate 19574-17086 Moderate 20628-17084 Moderate 20695-17086 Moderate 20418-17084 Moderate 20532-17086 Moderate 20746-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19623-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20111-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19574-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20628-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20695-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20418-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20532-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20746-17084 CBL-Mariner Releases 20628-17084 20695-17086 20532-17086 20746-17084 No Security Update 0.10.6-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20628-17084 20695-17086 20532-17086 20746-17084 CBL-Mariner Releases 1.0 2025-09-03T23:24:40 <p>Information published.</p> 3.0 2025-12-07T01:47:07 <p>Information published.</p> 2.0 2025-12-06T14:37:11 <p>Information published.</p> nvme-tcp: sanitize request list handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38264 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 20553-17084 17087-17086 20788-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 20553-17084 17087-17086 20788-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 Important 20613-17084 Important 20725-17084 Important 20823-17084 Important 20860-17084 Moderate 20925-17086 Moderate 21093-17086 Important 21248-17084 Important 20553-17084 Moderate 17087-17086 Important 20788-17084 Important 20956-17084 Important 21094-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-03T23:24:11 <p>Information published.</p> 2.0 2025-11-19T14:34:58 <p>Information published.</p> 4.0 2025-12-07T01:44:02 <p>Information published.</p> 5.0 2026-01-08T14:41:39 <p>Information published.</p> 6.0 2026-01-20T14:36:11 <p>Information published.</p> 7.0 2026-02-18T02:59:13 <p>Information published.</p> 8.0 2026-03-03T14:41:43 <p>Information published.</p> 10.0 2026-03-31T14:38:41 <p>Information published.</p> 11.0 2026-04-29T14:57:58 <p>Information published.</p> 3.0 2025-11-20T01:02:02 <p>Information published.</p> 9.0 2026-03-04T14:46:19 <p>Information published.</p> 12.0 2026-05-06T14:51:10 <p>Information published.</p> 13.0 2026-05-11T01:49:15 <p>Information published.</p> 14.0 2026-05-17T14:50:28 <p>Information published.</p> tipc: Fix use-after-free in tipc_conn_close(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38464 Use After Free 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:24:54 <p>Information published.</p> 2.0 2025-12-24T01:03:43 <p>Information published.</p> 3.0 2026-02-24T14:39:42 <p>Information published.</p> bnxt: properly flush XDP redirect lists <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38246 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:27:31 <p>Information published.</p> drm/msm: Fix a fence leak in submit error path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38410 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2025-12-25T01:02:16 <p>Information published.</p> 3.0 2026-02-24T14:41:23 <p>Information published.</p> 1.0 2025-09-03T23:28:13 <p>Information published.</p> drm/xe: Fix taking invalid lock on wedge <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38353 17085-17084 17085-17084 Moderate 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 1.0 2025-09-03T23:31:37 <p>Information published.</p> 1.1 2026-02-21T03:37:46 <p>Information published.</p> bridge: mcast: Fix use-after-free during router port configuration <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38248 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 21093-17086 20553-17084 20788-17084 20925-17086 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 21093-17086 20553-17084 20788-17084 20925-17086 19683-17084 20412-17084 Important 20613-17084 Important 17087-17086 Important 20725-17084 Important 20823-17084 Important 20860-17084 Important 21093-17086 Important 20553-17084 Important 20788-17084 Important 20925-17086 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 19683-17084 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20412-17084 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20613-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 17087-17086 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20725-17084 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20823-17084 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20860-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 21093-17086 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20553-17084 7.6 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H 20788-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 20925-17086 1.0 2025-09-03T23:32:57 <p>Information published.</p> 2.0 2025-11-21T01:02:09 <p>Information published.</p> 5.0 2026-01-20T14:36:21 <p>Information published.</p> 6.0 2026-02-18T03:00:28 <p>Information published.</p> 7.0 2026-02-27T14:36:02 <p>Information published.</p> 8.0 2026-03-03T14:44:39 <p>Information published.</p> 9.0 2026-03-31T14:55:25 <p>Information published.</p> 3.0 2025-12-07T01:44:13 <p>Information published.</p> 4.0 2026-01-08T14:41:48 <p>Information published.</p> i2c/designware: Fix an initialization issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38380 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 20412-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 1.0 2025-09-03T23:34:23 <p>Information published.</p> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38460 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:36:43 <p>Information published.</p> 2.0 2025-12-24T01:03:28 <p>Information published.</p> 3.0 2026-02-24T14:39:19 <p>Information published.</p> Bluetooth: hci_core: Fix use-after-free in vhci_flush() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38250 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 Important 20925-17086 Important 21093-17086 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H 19683-17084 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H 20412-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 17087-17086 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 20925-17086 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:38:51 <p>Information published.</p> 2.0 2025-11-21T01:02:14 <p>Information published.</p> 4.0 2026-03-31T14:55:51 <p>Information published.</p> 3.0 2026-03-03T14:44:57 <p>Information published.</p> atm: clip: Fix infinite recursive call of clip_push(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38459 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Important 20412-17084 19683-17084 Important 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:39:50 <p>Information published.</p> 2.0 2025-12-24T01:03:23 <p>Information published.</p> 3.0 2026-02-24T14:39:12 <p>Information published.</p> wifi: ath6kl: remove WARN on bad firmware input <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38406 17085-17084 17087-17086 17085-17084 17087-17086 Low 17085-17084 Moderate 17087-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2025-12-25T01:02:06 <p>Information published.</p> 2.1 2026-02-21T03:40:51 <p>Information published.</p> 1.0 2025-09-03T23:43:12 <p>Information published.</p> riscv: save the SR_SUM status over switches <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38261 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Important 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-04T00:02:03 <p>Information published.</p> 2.0 2025-11-22T01:02:12 <p>Information published.</p> 3.1 2026-02-18T03:06:07 <p>Information published.</p> 3.0 2025-11-25T01:39:50 <p>Information published.</p> Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38099 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Important 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 2.0 2025-11-22T01:01:31 <p>Information published.</p> 3.1 2026-02-18T01:30:51 <p>Information published.</p> 1.0 2025-09-04T00:22:06 <p>Information published.</p> 3.0 2025-11-25T01:39:39 <p>Information published.</p> ALSA: usb-audio: Kill timer properly at removal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38105 19683-17084 20412-17084 20553-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 17087-17086 20925-17086 21093-17086 19683-17084 Important 20412-17084 Important 20553-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2025-11-22T01:01:36 <p>Information published.</p> 3.0 2026-03-03T14:46:43 <p>Information published.</p> 4.0 2026-03-31T14:59:30 <p>Information published.</p> 1.0 2025-09-04T00:27:31 <p>Information published.</p> ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-48964 Integer Overflow or Wraparound 20282-17086 20284-17084 20396-17086 20282-17086 20284-17084 20396-17086 20282-17086 Moderate 20284-17084 Moderate 20396-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 20282-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 20284-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 20396-17086 CBL-Mariner Releases 20282-17086 20396-17086 No Security Update 20211215-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20282-17086 20396-17086 CBL-Mariner Releases CBL-Mariner Releases 20284-17084 No Security Update 20240117-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20284-17084 CBL-Mariner Releases 1.0 2025-09-04T00:40:23 <p>Information published.</p> 1.1 2026-02-21T04:00:07 <p>Information published.</p> netfilter: nf_conntrack: fix crash due to removal of uninitialised entry <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38472 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 6.3 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 19683-17084 6.3 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:44:01 <p>Information published.</p> net: stmmac: make sure that ptp_rate is not 0 before configuring EST <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38125 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 19683-17084 20788-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 19683-17084 20788-17084 20412-17084 Important 20553-17084 Important 20613-17084 Moderate 17087-17086 Important 20725-17084 Important 20823-17084 Important 20860-17084 Moderate 20925-17086 Moderate 21093-17086 19683-17084 Important 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-09-04T00:50:18 <p>Information published.</p> 2.0 2025-11-22T01:01:47 <p>Information published.</p> 3.0 2025-12-07T01:42:46 <p>Information published.</p> 7.0 2026-03-03T14:47:20 <p>Information published.</p> 8.0 2026-03-31T15:00:19 <p>Information published.</p> 4.0 2026-01-08T14:40:27 <p>Information published.</p> 5.0 2026-01-20T14:51:41 <p>Information published.</p> 6.0 2026-02-18T02:38:37 <p>Information published.</p> comedi: Fix use of uninitialized data in insn_rw_emulate_bits() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38480 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:53:14 <p>Information published.</p> 3.0 2026-01-13T01:37:20 <p>Information published.</p> 2.0 2026-01-08T01:01:14 <p>Information published.</p> firmware: cs_dsp: Fix OOB memory read access in KUnit test <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38340 Out-of-bounds Read 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-09-04T00:57:21 <p>Information published.</p> comedi: das16m1: Fix bit shift out of bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38483 Out-of-bounds Read 17085-17084 17087-17086 17085-17084 17087-17086 Critical 17085-17084 Important 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 1.0 2025-09-04T00:56:25 <p>Information published.</p> 2.0 2026-01-08T01:01:30 <p>Information published.</p> 2.1 2026-02-21T04:03:27 <p>Information published.</p> page_pool: Fix use-after-free in page_pool_recycle_in_ring <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38129 17087-17086 19880-17084 17087-17086 19880-17084 Important 17087-17086 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 2.0 2025-11-22T01:01:57 <p>Information published.</p> 3.0 2025-11-25T01:39:45 <p>Information published.</p> 1.0 2025-09-04T00:59:07 <p>Information published.</p> 3.1 2026-02-18T01:41:55 <p>Information published.</p> firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38329 19880-17084 19880-17084 Moderate 19880-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-09-04T01:01:28 <p>Information published.</p> 1.1 2026-02-18T15:03:40 <p>Information published.</p> net/sched: sch_qfq: Fix race condition on qfq_aggregate <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38477 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.8 7.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P 19683-17084 7.8 7.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:03:51 <p>Information published.</p> 2.0 2025-12-25T01:02:36 <p>Information published.</p> 3.0 2026-02-24T14:41:37 <p>Information published.</p> HID: core: do not bypass hid_hw_raw_request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38494 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:11:10 <p>Information published.</p> HID: core: ensure the allocated report buffer can contain the reserved report ID <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38495 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:14:07 <p>Information published.</p> 2.0 2026-01-08T01:01:56 <p>Information published.</p> 3.0 2026-02-24T14:42:00 <p>Information published.</p> rpl: Fix use-after-free in rpl_do_srh_inline(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38476 17085-17084 17087-17086 17085-17084 17087-17086 Important 17085-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 3.1 2026-02-21T04:07:49 <p>Information published.</p> 1.0 2025-09-04T01:18:01 <p>Information published.</p> 2.0 2025-12-24T01:04:23 <p>Information published.</p> 3.0 2026-01-08T01:39:51 <p>Information published.</p> comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38481 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-13T01:37:26 <p>Information published.</p> 1.0 2025-09-04T01:21:50 <p>Information published.</p> 2.0 2026-01-08T01:01:20 <p>Information published.</p> dm-bufio: fix sched in atomic context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38496 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 4.7 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 19683-17084 4.7 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:25:57 <p>Information published.</p> net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38470 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:40:11 <p>Information published.</p> 1.0 2025-09-04T01:27:51 <p>Information published.</p> 2.0 2025-12-24T01:04:08 <p>Information published.</p> soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38487 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-13T01:37:33 <p>Information published.</p> 1.0 2025-09-04T01:31:48 <p>Information published.</p> 2.0 2026-01-08T01:01:40 <p>Information published.</p> netfilter: nft_set_pipapo: prevent overflow in lookup table allocation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38162 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 21093-17086 20553-17084 20788-17084 20925-17086 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 21093-17086 20553-17084 20788-17084 20925-17086 19683-17084 20412-17084 Important 20613-17084 Moderate 17087-17086 Important 20725-17084 Important 20823-17084 Important 20860-17084 Moderate 21093-17086 Important 20553-17084 Important 20788-17084 Moderate 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-04T01:32:26 <p>Information published.</p> 2.0 2025-11-22T01:02:07 <p>Information published.</p> 3.0 2025-12-07T01:42:57 <p>Information published.</p> 6.0 2026-02-18T02:39:18 <p>Information published.</p> 8.0 2026-03-03T14:48:13 <p>Information published.</p> 9.0 2026-03-31T15:01:06 <p>Information published.</p> 4.0 2026-01-08T14:40:38 <p>Information published.</p> 5.0 2026-01-20T14:51:49 <p>Information published.</p> 7.0 2026-02-28T01:36:02 <p>Information published.</p> iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38485 19683-17084 20925-17086 21093-17086 20412-17084 17087-17086 19683-17084 20925-17086 21093-17086 20412-17084 17087-17086 19683-17084 Important 20925-17086 Important 21093-17086 Moderate 20412-17084 Important 17087-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:34:28 <p>Information published.</p> 3.0 2026-03-03T14:49:50 <p>Information published.</p> 4.0 2026-03-31T15:04:52 <p>Information published.</p> 2.0 2026-01-08T01:01:35 <p>Information published.</p> comedi: das6402: Fix bit shift out of bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38482 17085-17084 17087-17086 17085-17084 17087-17086 Critical 17085-17084 Important 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 1.0 2025-09-04T01:35:21 <p>Information published.</p> 2.1 2026-02-21T04:11:45 <p>Information published.</p> 2.0 2026-01-08T01:01:25 <p>Information published.</p> usb: gadget: configfs: Fix OOB read on empty string write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38497 Out-of-bounds Read 17087-17086 17085-17084 17087-17086 17085-17084 Important 17087-17086 Critical 17085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.0 2025-09-04T01:37:54 <p>Information published.</p> 2.0 2026-01-08T01:02:01 <p>Information published.</p> 2.1 2026-02-21T04:12:39 <p>Information published.</p> coresight: holding cscfg_csdev_lock while removing cscfg from csdev <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38132 19683-17084 20553-17084 20412-17084 19683-17084 20553-17084 20412-17084 19683-17084 Moderate 20553-17084 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-09-04T01:39:05 <p>Information published.</p> mptcp: make fallback action and fallback decision atomic <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38491 20412-17084 21093-17086 19683-17084 17087-17086 20925-17086 20412-17084 21093-17086 19683-17084 17087-17086 20925-17086 Moderate 20412-17084 Moderate 21093-17086 19683-17084 Moderate 17087-17086 Moderate 20925-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-03-03T14:50:07 <p>Information published.</p> 4.0 2026-03-31T15:05:15 <p>Information published.</p> 1.0 2025-09-04T01:40:32 <p>Information published.</p> 2.0 2026-01-08T01:01:51 <p>Information published.</p> Bluetooth: eir: Fix possible crashes on eir_create_adv_data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38303 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 19683-17084 20860-17084 21094-17084 21332-17084 21344-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 19683-17084 20860-17084 21094-17084 21332-17084 21344-17084 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 19683-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21332-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T01:42:05 <p>Information published.</p> 3.0 2026-01-08T14:42:09 <p>Information published.</p> 5.0 2026-02-18T15:07:23 <p>Information published.</p> 6.0 2026-03-04T14:46:32 <p>Information published.</p> 8.0 2026-04-29T14:58:26 <p>Information published.</p> 2.0 2025-12-07T01:44:41 <p>Information published.</p> 4.0 2026-01-20T14:36:42 <p>Information published.</p> 7.0 2026-03-31T14:39:31 <p>Information published.</p> 9.0 2026-05-06T14:51:24 <p>Information published.</p> 10.0 2026-05-11T01:49:33 <p>Information published.</p> 11.0 2026-05-17T14:50:45 <p>Information published.</p> tracing/osnoise: Fix crash in timerlat_dump_stack() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38493 Uncontrolled Recursion 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:44:20 <p>Information published.</p> tls: always refresh the queue when reading sock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38471 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:48:57 <p>Information published.</p> bpf: Do not include stack ptr register in precision backtracking bookkeeping <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38279 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20860-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20860-17084 21308-17084 21344-17084 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 19683-17084 Moderate 20553-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21344-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20412-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20613-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20725-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20788-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20823-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20956-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 21094-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 21248-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 21332-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 19683-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20553-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 20860-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 21308-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U 21344-17084 1.0 2025-09-04T02:00:17 <p>Information published.</p> 2.0 2025-12-07T01:44:51 <p>Information published.</p> 4.0 2026-01-20T14:36:52 <p>Information published.</p> 5.0 2026-02-18T15:08:22 <p>Information published.</p> 7.0 2026-03-31T14:39:54 <p>Information published.</p> 8.0 2026-04-29T14:58:39 <p>Information published.</p> 10.0 2026-05-11T01:49:41 <p>Information published.</p> 3.0 2026-01-08T14:42:21 <p>Information published.</p> 6.0 2026-03-04T14:46:39 <p>Information published.</p> 9.0 2026-05-06T14:51:32 <p>Information published.</p> 11.0 2026-05-17T14:50:53 <p>Information published.</p> GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8224 NULL Pointer Dereference 20219-17086 20600-17086 21253-17084 21201-17084 19634-17084 20376-17086 20219-17086 20600-17086 21253-17084 21201-17084 19634-17084 20376-17086 20219-17086 Low 20600-17086 Low 21253-17084 Low 21201-17084 Moderate 19634-17084 Moderate 20376-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20219-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20600-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21253-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21201-17084 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 19634-17084 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20376-17086 2.0 2026-05-03T01:02:16 <p>Information published.</p> 3.0 2026-05-05T01:41:44 <p>Information published.</p> 4.0 2026-05-19T01:42:54 <p>Information published.</p> 1.0 2025-09-04T02:04:38 <p>Information published.</p> Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-7425 Use After Free 20191-17086 17469-17084 20726-17084 20783-17086 20825-17084 20693-17086 20622-17084 20191-17086 17469-17084 20726-17084 20783-17086 20825-17084 20693-17086 20622-17084 Moderate 20191-17086 Moderate 17469-17084 Moderate 20726-17084 Moderate 20783-17086 Important 20825-17084 Moderate 20693-17086 Important 20622-17084 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20191-17086 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 17469-17084 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20726-17084 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20783-17086 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H 20825-17084 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20693-17086 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H 20622-17084 CBL-Mariner Releases 20825-17084 20622-17084 No Security Update 2.11.5-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20825-17084 20622-17084 CBL-Mariner Releases 1.0 2025-09-04T02:04:37 <p>Information published.</p> 3.0 2025-12-07T01:45:45 <p>Information published.</p> 4.0 2025-12-26T01:01:24 <p>Information published.</p> 6.0 2026-01-03T01:37:15 <p>Information published.</p> 8.0 2026-01-20T14:44:17 <p>Information published.</p> 2.0 2025-12-06T14:36:53 <p>Information published.</p> 5.0 2025-12-26T14:39:00 <p>Information published.</p> 7.0 2026-01-16T14:35:23 <p>Information published.</p> firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38330 Out-of-bounds Read 19880-17084 19880-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-09-04T02:05:31 <p>Information published.</p> 1.1 2026-02-18T15:08:34 <p>Information published.</p> Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-7424 Access of Resource Using Incompatible Type (&#39;Type Confusion&#39;) 17469-17084 20726-17084 20783-17086 20191-17086 20693-17086 17469-17084 20726-17084 20783-17086 20191-17086 20693-17086 Moderate 17469-17084 Moderate 20726-17084 Moderate 20783-17086 Moderate 20191-17086 Moderate 20693-17086 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 17469-17084 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20726-17084 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20783-17086 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20191-17086 7.3 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U 20693-17086 CBL-Mariner Releases 20726-17084 No Security Update 1.1.43-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20726-17084 CBL-Mariner Releases CBL-Mariner Releases 20783-17086 20693-17086 No Security Update 1.1.34-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20783-17086 20693-17086 CBL-Mariner Releases 1.0 2025-09-04T02:12:04 <p>Information published.</p> 2.0 2025-12-06T14:36:58 <p>Information published.</p> 3.0 2025-12-07T01:46:00 <p>Information published.</p> 4.0 2025-12-22T14:35:05 <p>Information published.</p> 5.0 2026-01-03T01:37:21 <p>Information published.</p> btrfs: exit after state insertion failure at btrfs_convert_extent_bit() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38269 19683-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20925-17086 20956-17084 21094-17084 21332-17084 20412-17084 20788-17084 20860-17084 21093-17086 21248-17084 21308-17084 21344-17084 19683-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20925-17086 20956-17084 21094-17084 21332-17084 20412-17084 20788-17084 20860-17084 21093-17086 21248-17084 21308-17084 21344-17084 19683-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21332-17084 20412-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T02:13:28 <p>Information published.</p> 2.0 2025-11-22T01:02:17 <p>Information published.</p> 3.0 2025-12-07T01:45:06 <p>Information published.</p> 5.0 2026-01-20T14:37:02 <p>Information published.</p> 8.0 2026-03-04T14:46:46 <p>Information published.</p> 9.0 2026-03-31T14:40:29 <p>Information published.</p> 10.0 2026-04-29T14:58:52 <p>Information published.</p> 12.0 2026-05-11T01:49:50 <p>Information published.</p> 4.0 2026-01-08T14:42:31 <p>Information published.</p> 6.0 2026-02-18T15:08:57 <p>Information published.</p> 7.0 2026-03-03T14:48:30 <p>Information published.</p> 11.0 2026-05-06T14:51:38 <p>Information published.</p> 13.0 2026-05-17T14:51:03 <p>Information published.</p> LibTIFF thumbnail.c setrow buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8177 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19773-17086 20397-17086 20104-17084 19773-17086 20397-17086 20104-17084 19773-17086 Low 20397-17086 Low 20104-17084 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 19773-17086 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 20397-17086 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 20104-17084 CBL-Mariner Releases 19773-17086 20104-17084 No Security Update 4.6.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19773-17086 20104-17084 CBL-Mariner Releases CBL-Mariner Releases 20397-17086 No Security Update 4.6.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20397-17086 CBL-Mariner Releases 1.1 2026-02-21T04:16:37 <p>Information published.</p> 1.0 2025-09-04T02:16:00 <p>Information published.</p> wifi: iwlwifi: don't warn when if there is a FW error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38096 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20823-17084 21093-17086 21308-17084 21344-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20823-17084 21093-17086 21308-17084 21344-17084 20412-17084 Important 20613-17084 Moderate 17087-17086 Important 20725-17084 Important 20788-17084 Important 20860-17084 Moderate 20925-17086 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 21332-17084 19683-17084 Important 20553-17084 Important 20823-17084 Moderate 21093-17086 Important 21308-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-04T02:15:10 <p>Information published.</p> 3.0 2025-11-22T01:01:27 <p>Information published.</p> 4.0 2025-12-07T01:43:18 <p>Information published.</p> 6.0 2026-01-20T14:35:33 <p>Information published.</p> 8.0 2026-03-03T14:46:26 <p>Information published.</p> 9.0 2026-03-04T14:46:11 <p>Information published.</p> 10.0 2026-03-31T14:38:01 <p>Information published.</p> 11.0 2026-04-29T14:57:45 <p>Information published.</p> 2.0 2025-11-21T14:35:04 <p>Information published.</p> 5.0 2026-01-08T14:40:58 <p>Information published.</p> 7.0 2026-02-18T02:40:43 <p>Information published.</p> 12.0 2026-05-06T14:51:03 <p>Information published.</p> 13.0 2026-05-11T14:46:20 <p>Information published.</p> 14.0 2026-05-17T14:50:19 <p>Information published.</p> net: dsa: b53: do not enable EEE on bcm63xx <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38272 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20823-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20823-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 20823-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-11-22T01:02:22 <p>Information published.</p> 3.0 2025-12-07T01:45:20 <p>Information published.</p> 5.0 2026-01-20T14:37:13 <p>Information published.</p> 6.0 2026-02-18T15:09:12 <p>Information published.</p> 7.0 2026-03-03T14:48:47 <p>Information published.</p> 8.0 2026-03-04T14:46:53 <p>Information published.</p> 9.0 2026-03-31T14:41:04 <p>Information published.</p> 11.0 2026-05-06T14:51:46 <p>Information published.</p> 1.0 2025-09-04T02:17:12 <p>Information published.</p> 4.0 2026-01-08T14:42:41 <p>Information published.</p> 10.0 2026-04-29T14:59:05 <p>Information published.</p> 12.0 2026-05-11T01:50:00 <p>Information published.</p> 13.0 2026-05-17T14:51:11 <p>Information published.</p> Tarfile infinite loop during parsing with negative member offset <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2025-8194 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 20315-17086 17667-17084 19968-17084 19533-17086 20315-17086 17667-17084 19968-17084 19533-17086 20315-17086 Important 17667-17084 Important 19968-17084 Important 19533-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20315-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19968-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19533-17086 CBL-Mariner Releases 19968-17084 No Security Update 3.12.9-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19968-17084 CBL-Mariner Releases CBL-Mariner Releases 19533-17086 No Security Update 3.9.19-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19533-17086 CBL-Mariner Releases 1.1 2026-02-21T04:18:39 <p>Information published.</p> 1.0 2025-09-04T02:31:30 <p>Information published.</p> mruby nregs codegen.c scope_new heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-7207 Heap-based Buffer Overflow 19721-17086 19603-17084 17183-17086 19774-17086 20318-17084 20257-17084 19721-17086 19603-17084 17183-17086 19774-17086 20318-17084 20257-17084 19721-17086 Moderate 19603-17084 Moderate 17183-17086 Moderate 19774-17086 Moderate 20318-17084 Moderate 20257-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19721-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19603-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 17183-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19774-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20318-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20257-17084 1.0 2025-09-04T02:39:43 <p>Information published.</p> 2.0 2026-02-18T02:05:04 <p>Information published.</p> Glib: glib crash after long command line <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-4056 Improper Control of Generation of Code (&#39;Code Injection&#39;) 19598-17084 19898-17086 19598-17084 19898-17086 Low 19598-17084 Low 19898-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19598-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19898-17086 1.1 2026-02-21T04:21:13 <p>Information published.</p> 1.0 2025-09-04T02:50:16 <p>Information published.</p> Cache poisoning via the ECS-enabled Rebirthday Attack <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner NLnet Labs Yes CVE-2025-5994 Acceptance of Extraneous Untrusted Data With Trusted Data 19765-17086 17617-17084 19765-17086 17617-17084 Important 19765-17086 Important 17617-17084 1.0 2025-09-04T02:52:05 <p>Information published.</p> 1.1 2026-02-18T02:07:53 <p>Information published.</p> jfs: fix array-index-out-of-bounds read in add_missing_indices <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38204 Out-of-bounds Read 19880-17084 19880-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 1.0 2025-09-04T02:52:29 <p>Information published.</p> 1.1 2026-02-18T02:17:53 <p>Information published.</p> The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-58266 Improper Encoding or Escaping of Output 19695-17086 20126-17086 19721-17086 20329-17084 20257-17084 20425-17084 17183-17086 20627-17084 20744-17084 20864-17084 20959-17084 21108-17086 21110-17084 21249-17084 20393-17086 20394-17086 20580-17084 20605-17086 20879-17086 20939-17086 19695-17086 20126-17086 19721-17086 20329-17084 20257-17084 20425-17084 17183-17086 20627-17084 20744-17084 20864-17084 20959-17084 21108-17086 21110-17084 21249-17084 20393-17086 20394-17086 20580-17084 20605-17086 20879-17086 20939-17086 19695-17086 20126-17086 19721-17086 20329-17084 Low 20257-17084 Low 20425-17084 Low 17183-17086 Low 20627-17084 Low 20744-17084 Low 20864-17084 Low 20959-17084 Low 21108-17086 Low 21110-17084 Low 21249-17084 Low 20393-17086 Low 20394-17086 Low 20580-17084 Low 20605-17086 Low 20879-17086 Low 20939-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 19695-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20126-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 19721-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20329-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20257-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20425-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 17183-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20627-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20744-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20864-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20959-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 21108-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 21110-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 21249-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20393-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20394-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20580-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20605-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20879-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20939-17086 CBL-Mariner Releases 20257-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20257-17084 CBL-Mariner Releases 1.0 2025-09-04T03:03:00 <p>Information published.</p> 2.0 2025-12-07T01:46:56 <p>Information published.</p> 3.0 2026-02-21T04:22:24 <p>Information published.</p> 4.0 2026-03-03T14:38:47 <p>Information published.</p> 5.0 2026-03-04T14:35:29 <p>Information published.</p> 6.0 2026-03-31T14:43:13 <p>Information published.</p> 7.0 2026-04-29T14:38:45 <p>Information published.</p> LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25177 NULL Pointer Dereference 20330-17086 20330-17086 Important 20330-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20330-17086 CBL-Mariner Releases 20330-17086 No Security Update 2.1.0-28 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20330-17086 CBL-Mariner Releases 1.0 2025-09-04T03:05:40 <p>Information published.</p> 1.1 2026-02-18T02:10:56 <p>Information published.</p> A possible assertion failure when 'stale-answer-client-timeout' is set to '0' <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2025-40777 Reachable Assertion 20336-17084 20336-17084 Moderate 20336-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20336-17084 CBL-Mariner Releases 20336-17084 No Security Update 9.20.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20336-17084 CBL-Mariner Releases 1.0 2025-09-04T03:14:11 <p>Information published.</p> The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-53605 Uncontrolled Recursion 20337-17084 20253-17084 20141-17084 19695-17086 20126-17086 20394-17086 20421-17084 17183-17086 20605-17086 20824-17084 20329-17084 19721-17086 20393-17086 20337-17084 20253-17084 20141-17084 19695-17086 20126-17086 20394-17086 20421-17084 17183-17086 20605-17086 20824-17084 20329-17084 19721-17086 20393-17086 Moderate 20337-17084 20253-17084 Moderate 20141-17084 19695-17086 20126-17086 Moderate 20394-17086 Moderate 20421-17084 Moderate 17183-17086 Moderate 20605-17086 Moderate 20824-17084 Moderate 20329-17084 19721-17086 Moderate 20393-17086 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20337-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20253-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20141-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19695-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20126-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20394-17086 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20421-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17183-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20605-17086 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20824-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20329-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19721-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20393-17086 CBL-Mariner Releases 20337-17084 No Security Update 3.19.1.kata2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20337-17084 CBL-Mariner Releases CBL-Mariner Releases 20141-17084 No Security Update 1.86.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20141-17084 CBL-Mariner Releases CBL-Mariner Releases 17183-17086 20605-17086 No Security Update 1.72.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17183-17086 20605-17086 CBL-Mariner Releases CBL-Mariner Releases 20329-17084 No Security Update 1.75.0-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20329-17084 CBL-Mariner Releases 1.0 2025-09-04T03:26:57 <p>Information published.</p> 2.0 2026-01-20T14:37:36 <p>Information published.</p> 2.1 2026-02-18T02:15:18 <p>Information published.</p> WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-54126 Exposure of Resource to Wrong Sphere 19445-17084 19787-17086 20380-17086 20420-17084 19445-17084 19787-17086 20380-17086 20420-17084 19445-17084 19787-17086 Moderate 20380-17086 Moderate 20420-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19445-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19787-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 20380-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 20420-17084 CBL-Mariner Releases 19445-17084 20420-17084 No Security Update 3.1.9-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19445-17084 20420-17084 CBL-Mariner Releases CBL-Mariner Releases 19787-17086 20380-17086 No Security Update 3.0.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19787-17086 20380-17086 CBL-Mariner Releases 1.0 2025-09-04T03:22:55 <p>Information published.</p> Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner CPANSec Yes CVE-2025-40913 Dependency on Vulnerable Third-Party Component 20341-17086 18110-17084 18102-17086 20341-17086 18110-17084 18102-17086 20341-17086 Moderate 18110-17084 Moderate 18102-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20341-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U 18110-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18102-17086 CBL-Mariner Releases 20341-17086 18110-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20341-17086 18110-17084 CBL-Mariner Releases 1.0 2025-09-04T03:33:01 <p>Information published.</p> 2.0 2026-02-18T02:16:33 <p>Information published.</p> KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38351 17085-17084 17085-17084 Moderate 17085-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17085-17084 1.0 2025-09-04T03:38:46 <p>Information published.</p> 1.1 2026-02-18T02:17:30 <p>Information published.</p> In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2025-7394 Exposure of Sensitive Information to an Unauthorized Actor 20085-17086 19283-17084 20085-17086 19283-17084 Important 20085-17086 Important 19283-17084 CBL-Mariner Releases 20085-17086 19283-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20085-17086 19283-17084 CBL-Mariner Releases 1.0 2025-09-04T03:46:05 <p>Information published.</p> 1.1 2026-02-18T02:19:45 <p>Information published.</p> Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments." <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-54314 Improper Neutralization of Special Elements used in an OS Command (&#39;OS Command Injection&#39;) 20344-17086 20395-17086 20344-17086 20395-17086 20344-17086 Low 20395-17086 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N 20344-17086 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N 20395-17086 CBL-Mariner Releases 20344-17086 20395-17086 No Security Update 1.2.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20344-17086 20395-17086 CBL-Mariner Releases 1.0 2025-09-04T04:06:48 <p>Information published.</p> Libssh: use of uninitialized variable in privatekey_from_file() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-4878 Use After Free 20111-17086 19623-17084 20418-17084 20532-17086 19574-17086 20111-17086 19623-17084 20418-17084 20532-17086 19574-17086 20111-17086 19623-17084 Low 20418-17084 Low 20532-17086 Low 19574-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20111-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 19623-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20418-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20532-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 19574-17086 CBL-Mariner Releases 19623-17084 20418-17084 20532-17086 19574-17086 No Security Update 0.10.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19623-17084 20418-17084 20532-17086 19574-17086 CBL-Mariner Releases 1.0 2025-09-04T04:13:58 <p>Information published.</p> Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-51480 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20694-17086 20729-17084 20799-17084 20938-17086 20972-17084 21262-17084 19407-17084 19949-17086 20906-17084 20874-17086 21103-17086 20694-17086 20729-17084 20799-17084 20938-17086 20972-17084 21262-17084 19407-17084 19949-17086 20906-17084 20874-17086 21103-17086 Important 20694-17086 Important 20729-17084 Important 20799-17084 Important 20938-17086 Important 20972-17084 Important 21262-17084 Important 19407-17084 Important 19949-17086 Important 20906-17084 Important 20874-17086 Important 21103-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20694-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20729-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20799-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20938-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20972-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 21262-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19407-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19949-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20906-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20874-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 21103-17086 1.0 2025-09-04T04:33:02 <p>Information published.</p> 3.0 2025-12-07T01:46:15 <p>Information published.</p> 4.0 2026-01-08T14:43:35 <p>Information published.</p> 5.0 2026-02-18T15:11:48 <p>Information published.</p> 7.0 2026-03-04T14:47:07 <p>Information published.</p> 8.0 2026-03-31T14:42:00 <p>Information published.</p> 9.0 2026-04-29T14:59:26 <p>Information published.</p> 2.0 2025-12-06T14:37:04 <p>Information published.</p> 6.0 2026-03-03T14:38:28 <p>Information published.</p> hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-54567 Incorrect Provision of Specified Functionality 20035-17084 20691-17086 20035-17084 20691-17086 Low 20035-17084 Moderate 20691-17086 4.2 3.9 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U 20035-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 20691-17086 1.0 2025-09-04T04:37:16 <p>Information published.</p> 2.0 2025-12-18T01:04:33 <p>Information published.</p> 3.0 2026-01-13T01:39:55 <p>Information published.</p> 3.1 2026-02-18T02:27:48 <p>Information published.</p> usb: gadget: u_serial: Fix race condition in TTY wakeup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38448 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19683-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T05:05:56 <p>Information published.</p> 3.0 2026-01-13T01:41:45 <p>Information published.</p> 2.0 2025-12-24T01:03:08 <p>Information published.</p> on-headers vulnerable to http response header manipulation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openjs Yes CVE-2025-7339 Improper Handling of Unexpected Data Type 20124-17086 19693-17084 20124-17086 19693-17084 Low 20124-17086 Low 19693-17084 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 20124-17086 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 19693-17084 1.0 2025-09-17T01:01:34 <p>Information published.</p> 1.1 2026-02-18T01:58:55 <p>Information published.</p> drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` Mariner Linux Yes CVE-2025-38189 NULL Pointer Dereference 20613-17084 17087-17086 20613-17084 17087-17086 Moderate 20613-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-11-21T01:01:48 <p>Information published.</p> 2.0 2025-11-25T01:38:24 <p>Information published.</p> f2fs: zone: fix to avoid inconsistence in between SIT and SSA Mariner Linux Yes CVE-2025-38164 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-11-22T01:01:22 <p>Information published.</p> 2.0 2025-11-25T01:39:34 <p>Information published.</p> net/sched: Always pass notifications when child class becomes empty Mariner Linux Yes CVE-2025-38350 Use After Free 17087-17086 17087-17086 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-12-18T01:01:55 <p>Information published.</p> 2.0 2026-02-24T14:36:44 <p>Information published.</p> smb: client: fix use-after-free in crypt_message when using async crypto Mariner Linux Yes CVE-2025-38488 Use After Free 17087-17086 17087-17086 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2026-01-08T01:01:46 <p>Information published.</p> 2.0 2026-02-24T14:41:53 <p>Information published.</p> The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner glibc Yes CVE-2025-8058 Double Free 20426-17084 20614-17084 20570-17084 20426-17084 20614-17084 20570-17084 Moderate 20426-17084 Moderate 20614-17084 Moderate 20570-17084 CBL-Mariner Releases 20614-17084 20570-17084 No Security Update 2.38-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20614-17084 20570-17084 CBL-Mariner Releases 1.0 2025-10-22T01:01:52 <p>Information published.</p> latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. https://nvd.nist.gov/vuln/detail/CVE-2023-50967 https://nvd.nist.gov/vuln/detail/CVE-2023-50967 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-50967 Uncontrolled Resource Consumption 12356 12357 12356 12357 12356 12357 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 jose 12356 jose-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 libjose-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 libjose-devel-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 jose-debuginfo-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14-3 https://nvd.nist.gov/vuln/detail/CVE-2023-50967 12356 jose jose 12357 jose-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 libjose-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 libjose-devel-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 jose-debuginfo-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14-3 https://nvd.nist.gov/vuln/detail/CVE-2023-50967 12357 jose 1.0 2025-07-11T00:00:00 <p>Information published.</p> Glibc: stack read overflow in getaddrinfo in no-aaaa mode https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4527 Stack-based Buffer Overflow 12356 12357 19587-17084 12356 12357 19587-17084 12356 12357 Moderate 19587-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 12357 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 19587-17084 glibc 12356 glibc-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.38-11.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-11 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 12356 glibc glibc 12357 glibc-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.38-11.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-11 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 12357 glibc CBL-Mariner Releases 19587-17084 No Security Update 2.38-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19587-17084 CBL-Mariner Releases 1.1 2026-02-18T03:09:55 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-53034 19734-17084 19734-17084 Moderate 19734-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 19734-17084 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:16:21 <p>Information published.</p> MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. https://nvd.nist.gov/vuln/detail/CVE-2023-52971 https://nvd.nist.gov/vuln/detail/CVE-2023-52971 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-52971 Insecure Automated Optimizations 12357 12356 19283-17084 12357 12356 19283-17084 12357 12356 Moderate 19283-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12357 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12356 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19283-17084 mariadb 12357 mariadb-10.11.11-1.azl3.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-10.11.11-1.azl3.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.11.11-1.azl3.aarch64.rpm 0001-01-01T00:00:00 mariadb-devel-10.11.11-1.azl3.aarch64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.11.11-1.azl3.aarch64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.11.11-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.11.11-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52971 12357 mariadb mariadb 12356 mariadb-10.11.11-1.azl3.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-10.11.11-1.azl3.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.11.11-1.azl3.x86_64.rpm 0001-01-01T00:00:00 mariadb-devel-10.11.11-1.azl3.x86_64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.11.11-1.azl3.x86_64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.11.11-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.11.11-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52971 12356 mariadb CBL-Mariner Releases 19283-17084 No Security Update 10.11.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19283-17084 CBL-Mariner Releases 1.1 2026-02-18T01:55:03 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> Memory Allocation with Excessive Size Value in Wireshark https://nvd.nist.gov/vuln/detail/CVE-2023-5371 https://nvd.nist.gov/vuln/detail/CVE-2023-5371 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-5371 Memory Allocation with Excessive Size Value 12356 12357 12356 12357 12356 12357 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 wireshark 12356 wireshark-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5371 12356 wireshark wireshark 12357 wireshark-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5371 12357 wireshark 1.0 2025-07-11T00:00:00 <p>Information published.</p> Out-of-bounds Read in Wireshark https://nvd.nist.gov/vuln/detail/CVE-2023-6174 https://nvd.nist.gov/vuln/detail/CVE-2023-6174 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-6174 Out-of-bounds Read 12357 12356 12357 12356 12357 12356 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 wireshark 12357 wireshark-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6174 12357 wireshark wireshark 12356 wireshark-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6174 12356 wireshark 1.0 2025-07-11T00:00:00 <p>Information published.</p> Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark https://nvd.nist.gov/vuln/detail/CVE-2023-6175 https://nvd.nist.gov/vuln/detail/CVE-2023-6175 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-6175 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 12356 12357 12356 12357 12356 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12357 wireshark 12356 wireshark-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6175 12356 wireshark wireshark 12357 wireshark-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6175 12357 wireshark 1.0 2025-07-11T00:00:00 <p>Information published.</p> LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25176 Stack-based Buffer Overflow 19527-17084 20311-17086 19536-16823 20314-17086 20174-17084 19527-17084 20311-17086 19536-16823 20314-17086 20174-17084 Important 19527-17084 Important 20311-17086 Important 19536-16823 Important 20314-17086 Important 20174-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19527-17084 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20311-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19536-16823 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20314-17086 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20174-17084 CBL-Mariner Releases 19527-17084 20174-17084 No Security Update 1.0.20-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19527-17084 20174-17084 CBL-Mariner Releases CBL-Mariner Releases 20311-17086 19536-16823 No Security Update 2.1.0-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20311-17086 19536-16823 CBL-Mariner Releases CBL-Mariner Releases 20314-17086 No Security Update 1.0.20-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20314-17086 CBL-Mariner Releases 1.0 2025-07-19T00:00:00 <p>Information published.</p> 2.0 2025-07-25T00:00:00 <p>Added luajit to CBL-Mariner 2.0 Added sysbench to CBL-Mariner 2.0 Added sysbench to Azure Linux 3.0</p> 2.1 2026-02-18T01:59:57 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50077 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:23:54 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50079 Uncontrolled Resource Consumption 19570-16823 19591-17084 19547-17086 20247-17086 19570-16823 19591-17084 19547-17086 20247-17086 Moderate 19570-16823 Moderate 19591-17084 Moderate 19547-17086 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19591-17084 19547-17086 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 19547-17086 20247-17086 CBL-Mariner Releases 2.0 2026-02-18T01:47:03 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50082 19570-16823 19591-17084 19547-17086 20247-17086 19570-16823 19591-17084 19547-17086 20247-17086 Moderate 19570-16823 Moderate 19591-17084 Moderate 19547-17086 20247-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19570-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19591-17084 19547-17086 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 19547-17086 20247-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:36:22 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50086 Incorrect Authorization 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:37:27 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50087 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:34:15 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50094 19570-16823 20247-17086 19591-17084 19547-17086 19570-16823 20247-17086 19591-17084 19547-17086 Moderate 19570-16823 20247-17086 Moderate 19591-17084 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 20247-17086 19591-17084 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 20247-17086 19591-17084 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:39:33 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50097 Uncontrolled Resource Consumption 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 2.0 2026-02-18T01:41:37 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50104 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Low 19570-16823 Low 19591-17084 20247-17086 Low 19547-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19570-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19591-17084 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 20247-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:30:04 <p>Information published.</p> Apache HTTP Server: HTTP response splitting <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-42516 Improper Input Validation 19528-17084 20148-17086 17686-17084 19537-16823 17276-17086 19528-17084 20148-17086 17686-17084 19537-16823 17276-17086 Moderate 19528-17084 20148-17086 Moderate 17686-17084 Moderate 19537-16823 Moderate 17276-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19528-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20148-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 17686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19537-16823 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 17276-17086 CBL-Mariner Releases 19528-17084 20148-17086 17686-17084 19537-16823 17276-17086 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19528-17084 20148-17086 17686-17084 19537-16823 17276-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 3.0 2026-02-18T01:17:13 <p>Information published.</p> Apache HTTP Server: SSRF with mod_headers setting Content-Type header <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-43204 Server-Side Request Forgery (SSRF) 19528-17084 17686-17084 17276-17086 19537-16823 20148-17086 19528-17084 17686-17084 17276-17086 19537-16823 20148-17086 Moderate 19528-17084 Moderate 17686-17084 Moderate 17276-17086 Moderate 19537-16823 20148-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19528-17084 5.4 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 17686-17084 5.4 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 17276-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19537-16823 5.4 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 20148-17086 CBL-Mariner Releases 19528-17084 17686-17084 17276-17086 19537-16823 20148-17086 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19528-17084 17686-17084 17276-17086 19537-16823 20148-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 3.0 2026-02-18T01:18:20 <p>Information published.</p> Apache HTTP Server: mod_ssl error log variable escaping <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-47252 Improper Neutralization of Escape, Meta, or Control Sequences 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 Moderate 19528-17084 20148-17086 Moderate 17686-17084 Moderate 17276-17086 Moderate 19537-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19528-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20148-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 17686-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 17276-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19537-16823 CBL-Mariner Releases 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 3.0 2026-02-18T01:19:23 <p>Information published.</p> pgsql extension does not check for errors during escaping <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2025-1735 Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) 19545-16823 20163-17084 20169-17086 19238-17086 19545-16823 20163-17084 20169-17086 19238-17086 Moderate 19545-16823 Moderate 20163-17084 20169-17086 Moderate 19238-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19545-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20163-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20169-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19238-17086 CBL-Mariner Releases 19545-16823 20169-17086 19238-17086 No Security Update 8.1.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19545-16823 20169-17086 19238-17086 CBL-Mariner Releases 2.0 2025-11-25T01:37:27 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:11:16 <p>Information published.</p> Redis allows out of bounds writes in hyperloglog commands leading to RCE <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-32023 Integer Overflow to Buffer Overflow 19549-16823 19593-17084 20238-17086 19592-17084 19549-16823 19593-17084 20238-17086 19592-17084 Important 19549-16823 Important 19593-17084 Important 20238-17086 Important 19592-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19549-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19593-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20238-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19592-17084 CBL-Mariner Releases 19549-16823 20238-17086 No Security Update 6.2.18-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19549-16823 20238-17086 CBL-Mariner Releases CBL-Mariner Releases 19593-17084 19592-17084 No Security Update 8.0.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19593-17084 19592-17084 CBL-Mariner Releases 2.0 2025-07-29T00:00:00 <p>Added valkey to Azure Linux 3.0 Added redis to CBL-Mariner 2.0</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:57:31 <p>Information published.</p> Gnutls: vulnerability in gnutls othername san export <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32988 Double Free 19552-16823 19597-17084 20134-17086 17479-17084 19552-16823 19597-17084 20134-17086 17479-17084 Moderate 19552-16823 Moderate 19597-17084 Moderate 20134-17086 Moderate 17479-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19552-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19597-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 20134-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17479-17084 CBL-Mariner Releases 19552-16823 20134-17086 No Security Update 3.7.11-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19552-16823 20134-17086 CBL-Mariner Releases CBL-Mariner Releases 19597-17084 17479-17084 No Security Update 3.8.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19597-17084 17479-17084 CBL-Mariner Releases 1.0 2025-07-15T00:00:00 <p>Information published.</p> 2.0 2025-07-25T00:00:00 <p>Added gnutls to CBL-Mariner 2.0 Added gnutls to Azure Linux 3.0</p> 2.1 2026-02-18T01:04:33 <p>Information published.</p> Gnutls: vulnerability in gnutls certtool template parsing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32990 Heap-based Buffer Overflow 19552-16823 19597-17084 20134-17086 17479-17084 19552-16823 19597-17084 20134-17086 17479-17084 Moderate 19552-16823 Moderate 19597-17084 Moderate 20134-17086 Moderate 17479-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 19552-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 19597-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 20134-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 17479-17084 CBL-Mariner Releases 19552-16823 20134-17086 No Security Update 3.7.11-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19552-16823 20134-17086 CBL-Mariner Releases CBL-Mariner Releases 19597-17084 17479-17084 No Security Update 3.8.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19597-17084 17479-17084 CBL-Mariner Releases 2.1 2025-08-15T00:00:00 <p>Added gnutls to CBL-Mariner 2.0 Added gnutls to Azure Linux 3.0</p> 1.0 2025-07-15T00:00:00 <p>Information published.</p> 2.0 2025-07-25T00:00:00 <p>Added gnutls to CBL-Mariner 2.0 Added gnutls to Azure Linux 3.0</p> 2.2 2026-02-18T01:06:39 <p>Information published.</p> drm/amd/display: check stream id dml21 wrapper to get plane_id https://nvd.nist.gov/vuln/detail/CVE-2025-38091 https://nvd.nist.gov/vuln/detail/CVE-2025-38091 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38091 12357 12356 19880-17084 12357 12356 19880-17084 12357 12356 Low 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 2.3 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19880-17084 kernel 12357 kernel-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-2 https://nvd.nist.gov/vuln/detail/CVE-2025-38091 12357 kernel kernel 12356 kernel-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-2 https://nvd.nist.gov/vuln/detail/CVE-2025-38091 12356 kernel CBL-Mariner Releases 19880-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:25:45 <p>Information published.</p> ksmbd: use list_first_entry_or_null for opinfo_get_list() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38092 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19880-17084 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:26:21 <p>Information published.</p> espintcp: remove encap socket caching to avoid reference leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38097 19880-17084 17087-17086 20925-17086 21093-17086 19880-17084 17087-17086 20925-17086 21093-17086 Moderate 19880-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-18T01:01:39 <p>Information published.</p> 2.1 2026-02-18T01:52:26 <p>Information published.</p> 3.0 2026-03-03T14:43:15 <p>Information published.</p> 4.0 2026-03-31T14:51:49 <p>Information published.</p> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38103 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:58:54 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> net_sched: ets: fix a race in ets_qdisc_change() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38107 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19880-17084 19880-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:37:46 <p>Information published.</p> net/mlx5: Fix ECVF vports unload on shutdown flow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38109 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:35:08 <p>Information published.</p> net/mdiobus: Fix potential out-of-bounds read/write access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38111 Out-of-bounds Read 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17085-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:42:37 <p>Information published.</p> net: Fix TOCTOU issue in sk_is_readable() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38112 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:43:22 <p>Information published.</p> net_sched: sch_sfq: fix a potential crash on gso_skb handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38115 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:49:30 <p>Information published.</p> scsi: core: ufs: Fix a hang in the error handler <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38119 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:45:31 <p>Information published.</p> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38122 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:54:48 <p>Information published.</p> net: wwan: t7xx: Fix napi rx poll issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38123 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:40:28 <p>Information published.</p> coresight: prevent deactivate active config while enabling the config <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38131 17087-17086 19880-17084 17087-17086 19880-17084 Important 17087-17086 Moderate 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-19T01:01:55 <p>Information published.</p> 3.0 2026-01-08T01:39:09 <p>Information published.</p> 3.1 2026-02-18T01:39:48 <p>Information published.</p> serial: Fix potential null-ptr-deref in mlb_usio_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38135 NULL Pointer Dereference 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:47:29 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> usb: renesas_usbhs: Reorder clock handling and power management in probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38136 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:55:48 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> dmaengine: ti: Add NULL check in udma_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38138 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:44:50 <p>Information published.</p> backlight: pm8941: Add NULL check in wled_configure() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38143 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:34:31 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38145 NULL Pointer Dereference 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:57:55 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> net: openvswitch: Fix the dead loop of MPLS parse <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38146 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:27:57 <p>Information published.</p> calipso: Don't call calipso functions for AF_INET sk. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38147 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:37:09 <p>Information published.</p> net: phy: clear phydev->devlink when the link is deleted <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38149 NULL Pointer Dereference 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:56:51 <p>Information published.</p> net: usb: aqc111: fix error handling of usbnet read calls <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38153 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:41:06 <p>Information published.</p> hisi_acc_vfio_pci: fix XQE dma address error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38158 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 5.7 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:59:52 <p>Information published.</p> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38159 Out-of-bounds Read 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17085-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:38:24 <p>Information published.</p> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38161 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T01:28:40 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> bpf, sockmap: Fix panic when calling skb_linearize <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38165 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:46:12 <p>Information published.</p> bpf: fix ktls panic with sockmap <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38166 17085-17084 19880-17084 17087-17086 20925-17086 21093-17086 17085-17084 19880-17084 17087-17086 20925-17086 21093-17086 Moderate 17085-17084 Moderate 19880-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:01:49 <p>Information published.</p> 3.0 2026-03-03T14:45:31 <p>Information published.</p> 4.0 2026-03-31T14:56:16 <p>Information published.</p> 2.1 2026-02-18T02:08:33 <p>Information published.</p> arm64/fpsimd: Discard stale CPU state when handling SME traps <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38170 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:04:13 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> net: atm: fix /proc/net/atm/lec handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38180 19880-17084 19880-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:47:14 <p>Information published.</p> calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38181 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:45:44 <p>Information published.</p> ublk: santizize the arguments from userspace when adding a device <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38182 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:45:12 <p>Information published.</p> atm: atmtcp: Free invalid length skb in atmtcp_c_send(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38185 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:48:23 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> atm: Revert atm_account_tx() if copy_from_iter_full() fails. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38190 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:50:28 <p>Information published.</p> ksmbd: fix null pointer dereference in destroy_previous_session <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38191 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:01:59 <p>Information published.</p> 3.0 2026-01-13T01:40:20 <p>Information published.</p> 3.1 2026-02-18T02:25:58 <p>Information published.</p> net: clear the dst when changing skb protocol <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38192 NULL Pointer Dereference 17085-17084 19880-17084 17087-17086 21093-17086 20925-17086 17085-17084 19880-17084 17087-17086 21093-17086 20925-17086 Moderate 17085-17084 Moderate 19880-17084 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 2.0 2025-11-21T01:02:04 <p>Information published.</p> 2.1 2026-02-18T02:41:28 <p>Information published.</p> 3.0 2026-03-03T14:44:23 <p>Information published.</p> 4.0 2026-03-31T14:55:05 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> jffs2: check that raw node were preallocated before writing summary <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38194 19880-17084 19880-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:14:51 <p>Information published.</p> platform/x86: dell_rbu: Fix list usage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38197 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:54:12 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 https://nvd.nist.gov/vuln/detail/CVE-2025-38205 https://nvd.nist.gov/vuln/detail/CVE-2025-38205 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38205 12356 12357 19880-17084 12356 12357 19880-17084 12356 12357 19880-17084 kernel 12356 kernel-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-2.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-2 https://nvd.nist.gov/vuln/detail/CVE-2025-38205 12356 kernel kernel 12357 kernel-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-2.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-2 https://nvd.nist.gov/vuln/detail/CVE-2025-38205 12357 kernel CBL-Mariner Releases 19880-17084 No Security Update 6.6.92.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> smb: client: add NULL check in automount_fullpath <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38208 17085-17084 17087-17086 20925-17086 21093-17086 19880-17084 17085-17084 17087-17086 20925-17086 21093-17086 19880-17084 Moderate 17085-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-11-20T01:01:47 <p>Information published.</p> 4.0 2026-03-31T14:51:16 <p>Information published.</p> 2.1 2026-02-18T02:22:50 <p>Information published.</p> 3.0 2026-03-03T14:40:50 <p>Information published.</p> RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38211 Use After Free 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:20:52 <p>Information published.</p> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38213 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:15:45 <p>Information published.</p> fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38214 19880-17084 19880-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:52:01 <p>Information published.</p> hwmon: (ftsteutates) Fix TOCTOU race in fts_read() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38217 Time-of-check Time-of-use (TOCTOU) Race Condition 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:27:11 <p>Information published.</p> f2fs: prevent kernel warning due to negative i_nlink from corrupted image <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38219 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:49:55 <p>Information published.</p> ext4: only dirty folios when data journaling regular files <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38220 NULL Pointer Dereference 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17085-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:51:27 <p>Information published.</p> media: imx-jpeg: Cleanup after an allocation error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38225 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:02:15 <p>Information published.</p> 3.0 2026-01-13T01:40:27 <p>Information published.</p> 3.1 2026-02-18T02:20:03 <p>Information published.</p> media: vidtv: Terminating the subsequent process of initialization failure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38227 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:53:40 <p>Information published.</p> media: cxusb: no longer judge rbuf when the write fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38229 19880-17084 19880-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:52:36 <p>Information published.</p> jfs: validate AG parameters in dbMount() to prevent crashes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38230 19880-17084 17087-17086 19880-17084 17087-17086 Important 19880-17084 Important 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:02:20 <p>Information published.</p> 3.0 2026-01-08T01:39:19 <p>Information published.</p> 3.1 2026-02-18T02:16:59 <p>Information published.</p> nfsd: Initialize ssc before laundromat_work to prevent NULL dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38231 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:43:31 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> smb: client: fix potential deadlock when reconnecting channels <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38244 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:59:55 <p>Information published.</p> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38245 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2025-12-20T01:02:30 <p>Information published.</p> 2.1 2026-02-18T03:01:57 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 3.0 2026-02-24T14:37:36 <p>Information published.</p> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38249 Out-of-bounds Read 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:02:34 <p>Information published.</p> 2.1 2026-02-18T03:03:37 <p>Information published.</p> 3.0 2026-02-24T14:37:43 <p>Information published.</p> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38258 Missing Release of Memory after Effective Lifetime 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T03:00:55 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> ASoC: codecs: wcd9335: Fix missing free of regulator supplies <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38259 17087-17086 19880-17084 17087-17086 19880-17084 Important 17087-17086 Moderate 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-20T01:02:49 <p>Information published.</p> 3.1 2026-02-18T03:04:13 <p>Information published.</p> 3.0 2026-01-08T01:39:29 <p>Information published.</p> btrfs: handle csum tree error with rescue=ibadroots correctly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38260 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:58:39 <p>Information published.</p> serial: jsm: fix NPE during jsm_uart_port_init <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38265 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:58:55 <p>Information published.</p> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38274 NULL Pointer Dereference 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:07:18 <p>Information published.</p> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38275 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-20T01:03:04 <p>Information published.</p> 3.0 2026-01-13T01:40:41 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 3.1 2026-02-18T15:07:57 <p>Information published.</p> bpf: Avoid __bpf_prog_ret0_warn when jit fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38280 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:59:21 <p>Information published.</p> kernfs: Relax constraint in draining guard <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38282 17085-17084 19880-17084 17085-17084 19880-17084 Low 17085-17084 Low 19880-17084 3.3 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:10:18 <p>Information published.</p> hisi_acc_vfio_pci: bugfix live migration function without VF device driver <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38283 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:02:34 <p>Information published.</p> wifi: ath12k: fix node corruption in ar->arvifs list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38290 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19880-17084 19880-17084 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:06:24 <p>Information published.</p> wifi: ath11k: fix node corruption in ar->arvifs list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38293 19880-17084 19880-17084 Important 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:09:55 <p>Information published.</p> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38300 19880-17084 17087-17086 20925-17086 21093-17086 19880-17084 17087-17086 20925-17086 21093-17086 Moderate 19880-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-21T01:01:38 <p>Information published.</p> 3.1 2026-02-18T03:06:56 <p>Information published.</p> 4.0 2026-03-03T14:47:15 <p>Information published.</p> 5.0 2026-03-31T14:58:19 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 3.0 2025-12-23T01:36:50 <p>Information published.</p> ASoC: Intel: avs: Verify content returned by parse_int_array() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38307 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:07:40 <p>Information published.</p> seg6: Fix validation of nexthop addresses <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38310 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T15:05:23 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38312 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-18T15:07:08 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38320 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:00:33 <p>Information published.</p> smb: Log an error when close_all_cached_dirs fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38321 19880-17084 17087-17086 19880-17084 17087-17086 Moderate 19880-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 3.1 2026-02-18T03:09:03 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-11-20T01:02:08 <p>Information published.</p> 3.0 2025-11-25T01:37:58 <p>Information published.</p> net: atm: add lec_mutex <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38323 Use After Free 17085-17084 19880-17084 17085-17084 19880-17084 Moderate 17085-17084 Moderate 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:03:12 <p>Information published.</p> jffs2: check jffs2_prealloc_raw_node_refs() result in few other places <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38328 19880-17084 19880-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:05:54 <p>Information published.</p> net: ethernet: cortina: Use TOE/TSO on all TCP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38331 19880-17084 17087-17086 20925-17086 21093-17086 19880-17084 17087-17086 20925-17086 21093-17086 Moderate 19880-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-21T01:01:43 <p>Information published.</p> 3.1 2026-02-18T03:09:21 <p>Information published.</p> 4.0 2026-03-03T14:47:35 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 3.0 2025-12-23T01:36:56 <p>Information published.</p> 5.0 2026-03-31T14:58:41 <p>Information published.</p> x86/sgx: Prevent attempts to reclaim poisoned pages <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38334 19880-17084 17087-17086 20925-17086 21093-17086 19880-17084 17087-17086 20925-17086 21093-17086 Moderate 19880-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-18T01:01:44 <p>Information published.</p> 3.0 2026-03-03T14:43:33 <p>Information published.</p> 2.1 2026-02-18T15:09:28 <p>Information published.</p> 4.0 2026-03-31T14:52:15 <p>Information published.</p> jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38337 NULL Pointer Dereference 19880-17084 19880-17084 Moderate 19880-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:07:38 <p>Information published.</p> fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38338 Double Free 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:59:45 <p>Information published.</p> wifi: mt76: mt7996: drop fragments with multicast or broadcast RA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38343 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:06:54 <p>Information published.</p> ACPICA: fix acpi operand cache leak in dswstate.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38345 Missing Release of Memory after Effective Lifetime 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:01:18 <p>Information published.</p> ftrace: Fix UAF when lookup kallsym after ftrace disabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38346 Use After Free 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:00:12 <p>Information published.</p> f2fs: fix to do sanity check on ino and xnid <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38347 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-21T01:01:48 <p>Information published.</p> 3.1 2026-02-18T15:02:11 <p>Information published.</p> 4.0 2026-02-24T14:38:13 <p>Information published.</p> 3.0 2025-12-23T01:37:01 <p>Information published.</p> wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38348 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:08:28 <p>Information published.</p> drm/amd/display: Add null pointer check for get_first_active_display() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38362 17087-17086 19880-17084 17087-17086 19880-17084 Moderate 17087-17086 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 2.0 2025-12-18T01:01:59 <p>Information published.</p> 2.1 2026-02-21T03:50:42 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> 3.0 2026-02-24T14:36:51 <p>Information published.</p> drm/tegra: Fix a possible null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38363 17085-17084 19880-17084 17087-17086 17085-17084 19880-17084 17087-17086 Important 17085-17084 Important 19880-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-18T01:02:04 <p>Information published.</p> 3.0 2026-01-13T01:38:46 <p>Information published.</p> 3.1 2026-02-21T03:54:11 <p>Information published.</p> btrfs: fix a race between renames and directory logging <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38365 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:57:42 <p>Information published.</p> Squashfs: check return result of sb_min_blocksize <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38415 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:46:43 <p>Information published.</p> NFC: nci: uart: Set tty->disc_data only in success path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38416 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:56:50 <p>Information published.</p> remoteproc: core: Release rproc->clean_table after rproc_attach() fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38418 19880-17084 19880-17084 Moderate 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:55:08 <p>Information published.</p> net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38422 17085-17084 17087-17086 21093-17086 19880-17084 20925-17086 17085-17084 17087-17086 21093-17086 19880-17084 20925-17086 Important 17085-17084 Important 17087-17086 Important 21093-17086 Important 19880-17084 Important 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-25T01:02:26 <p>Information published.</p> 2.1 2026-02-21T03:53:03 <p>Information published.</p> 3.0 2026-03-03T14:48:43 <p>Information published.</p> 4.0 2026-03-31T15:00:54 <p>Information published.</p> perf: Fix sample vs do_exit() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38424 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.1 2026-02-21T03:47:42 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> i2c: tegra: check msg length in SMBUS block read <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38425 17085-17084 17087-17086 19880-17084 17085-17084 17087-17086 19880-17084 Important 17085-17084 Important 17087-17086 Important 19880-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-12-25T01:02:31 <p>Information published.</p> 3.0 2026-01-08T01:39:56 <p>Information published.</p> 3.1 2026-02-21T03:44:11 <p>Information published.</p> nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38430 17085-17084 19880-17084 17085-17084 19880-17084 Important 17085-17084 Important 19880-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:42:48 <p>Information published.</p> drm/scheduler: signal scheduled fence when kill job <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38436 17085-17084 17087-17086 20925-17086 21093-17086 19880-17084 17085-17084 17087-17086 20925-17086 21093-17086 19880-17084 Important 17085-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Important 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19880-17084 CBL-Mariner Releases 17085-17084 19880-17084 No Security Update 6.6.96.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17085-17084 19880-17084 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2025-11-21T01:02:29 <p>Information published.</p> 2.1 2026-02-21T03:51:48 <p>Information published.</p> 3.0 2026-03-03T14:45:48 <p>Information published.</p> 4.0 2026-03-31T14:57:01 <p>Information published.</p> mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-49809 Inclusion of Functionality from Untrusted Control Sphere 19619-17084 20246-17084 19619-17084 20246-17084 Important 19619-17084 Important 20246-17084 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 19619-17084 7.8 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P 20246-17084 CBL-Mariner Releases 19619-17084 20246-17084 No Security Update 0.95-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19619-17084 20246-17084 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:22:53 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50076 Uncontrolled Resource Consumption 1.0 2025-08-06T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50083 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19570-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20247-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:35:20 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-50101 19570-16823 19591-17084 19547-17086 20247-17086 19570-16823 19591-17084 19547-17086 20247-17086 Moderate 19570-16823 Moderate 19591-17084 Moderate 19547-17086 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 CBL-Mariner Releases 19570-16823 19591-17084 19547-17086 20247-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 19547-17086 20247-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:42:41 <p>Information published.</p> Apache HTTP Server: HTTP/2 DoS by Memory Increase <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2025-53020 Missing Release of Memory after Effective Lifetime 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 Moderate 19537-16823 Moderate 19528-17084 20148-17086 Moderate 17686-17084 Moderate 17276-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19537-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19528-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20148-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17686-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17276-17086 CBL-Mariner Releases 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 No Security Update 2.4.64-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19537-16823 19528-17084 20148-17086 17686-17084 17276-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 3.0 2026-02-18T01:07:44 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53023 19570-16823 19591-17084 20247-17086 19547-17086 19570-16823 19591-17084 20247-17086 19547-17086 Moderate 19570-16823 Moderate 19591-17084 20247-17086 Moderate 19547-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20247-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-17086 CBL-Mariner Releases 19570-16823 19591-17084 20247-17086 19547-17086 No Security Update 8.0.43-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-16823 19591-17084 20247-17086 19547-17086 CBL-Mariner Releases 1.0 2025-08-07T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:27:01 <p>Information published.</p> Libssh: double free vulnerability in libssh key export functions <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-5351 Double Free 19574-16823 19623-17084 18214-17084 20179-17086 18208-17086 19574-16823 19623-17084 18214-17084 20179-17086 18208-17086 Moderate 19574-16823 Moderate 19623-17084 Moderate 18214-17084 20179-17086 Moderate 18208-17086 4.2 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 19574-16823 4.2 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 19623-17084 4.2 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 18214-17084 4.2 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20179-17086 4.2 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 18208-17086 CBL-Mariner Releases 19574-16823 19623-17084 18214-17084 20179-17086 18208-17086 No Security Update 0.10.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19574-16823 19623-17084 18214-17084 20179-17086 18208-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added libssh to CBL-Mariner 2.0 Added libssh to Azure Linux 3.0</p> 3.0 2026-02-18T02:12:46 <p>Information published.</p> Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-53547 Improper Control of Generation of Code (&#39;Code Injection&#39;) 19575-16823 19963-17086 19575-16823 19963-17086 Important 19575-16823 Important 19963-17086 8.5 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H 19575-16823 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 19963-17086 CBL-Mariner Releases 19575-16823 19963-17086 No Security Update 3.14.2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19575-16823 19963-17086 CBL-Mariner Releases 1.1 2026-02-18T03:06:28 <p>Information published.</p> 1.0 2025-07-16T00:00:00 <p>Information published.</p> Libssh: incorrect return code handling in ssh_kdf() in libssh <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-5372 Incorrect Calculation 19574-16823 19623-17084 20179-17086 18214-17084 18208-17086 19574-16823 19623-17084 20179-17086 18214-17084 18208-17086 Moderate 19574-16823 Moderate 19623-17084 20179-17086 Moderate 18214-17084 Moderate 18208-17086 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19574-16823 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19623-17084 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 20179-17086 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 18214-17084 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 18208-17086 CBL-Mariner Releases 19574-16823 19623-17084 20179-17086 18214-17084 18208-17086 No Security Update 0.10.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19574-16823 19623-17084 20179-17086 18214-17084 18208-17086 CBL-Mariner Releases 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added libssh to CBL-Mariner 2.0 Added libssh to Azure Linux 3.0</p> 3.0 2026-02-18T02:11:06 <p>Information published.</p> Vim has path traversial issue with tar.vim and special crafted tar files <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-53905 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19576-16823 19624-17084 19409-17084 20302-17086 19576-16823 19624-17084 19409-17084 20302-17086 Moderate 19576-16823 Moderate 19624-17084 Moderate 19409-17084 Moderate 20302-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 19576-16823 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 19624-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 19409-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L 20302-17086 CBL-Mariner Releases 19576-16823 19624-17084 19409-17084 20302-17086 No Security Update 9.1.1552-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19576-16823 19624-17084 19409-17084 20302-17086 CBL-Mariner Releases 1.1 2026-02-18T01:49:47 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2025-54090 Incorrect Check of Function Return Value 19577-16823 19625-17084 19528-17084 20350-17086 19577-16823 19625-17084 19528-17084 20350-17086 Moderate 19577-16823 Moderate 19625-17084 Moderate 19528-17084 Moderate 20350-17086 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19577-16823 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19625-17084 6.3 5.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 19528-17084 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 20350-17086 CBL-Mariner Releases 19577-16823 19625-17084 19528-17084 20350-17086 No Security Update 2.4.65-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19577-16823 19625-17084 19528-17084 20350-17086 CBL-Mariner Releases 2.0 2025-08-07T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:26:17 <p>Information published.</p> Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-6395 NULL Pointer Dereference 19552-16823 19631-17084 20134-17086 17479-17084 19552-16823 19631-17084 20134-17086 17479-17084 Moderate 19552-16823 Moderate 19631-17084 Moderate 20134-17086 Moderate 17479-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19552-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19631-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U 20134-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U 17479-17084 CBL-Mariner Releases 19552-16823 20134-17086 No Security Update 3.7.11-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19552-16823 20134-17086 CBL-Mariner Releases CBL-Mariner Releases 19631-17084 17479-17084 No Security Update 3.8.3-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19631-17084 17479-17084 CBL-Mariner Releases 2.0 2025-07-25T00:00:00 <p>Added gnutls to CBL-Mariner 2.0 Added gnutls to Azure Linux 3.0</p> 1.0 2025-07-17T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:13:57 <p>Information published.</p> Integer Truncation on SQLite <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-6965 Numeric Truncation Error 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 19582-16823 20296-17084 19759-17086 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 19582-16823 20296-17084 19759-17086 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Important 19582-16823 Important 20296-17084 Important 19759-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 11929 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 11930 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 11931 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12242 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12243 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19582-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20296-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19759-17086 5073723 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073723 5071544 11568 11569 11571 11572 Yes Security Update 10.0.17763.8276 https://support.microsoft.com/help/5073723 11568 11569 11571 11572 5073723 5073723 https://support.microsoft.com/help/5073723 11568 11569 11571 11572 5073457 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073457 5071547 11923 11924 Yes Security Update 10.0.20348.4648 https://support.microsoft.com/help/5073457 11923 11924 5073457 5073457 https://support.microsoft.com/help/5073457 11923 11924 5073724 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724 5071546 11929 11930 11931 Yes Security Update 10.0.19044.6809 https://support.microsoft.com/help/5073724 11929 11930 11931 5073724 5073724 https://support.microsoft.com/help/5073724 11929 11930 11931 12097 12098 12099 5073724 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073724 5071546 12097 12098 12099 Yes Security Update 10.0.19045.6809 https://support.microsoft.com/help/5073724 12097 12098 12099 5073724 5073379 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379 5072033 12437 12436 Yes Security Update 10.0.26100.32230 https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da 12437 12436 5073379 5073379 https://support.microsoft.com/help/5073379 12437 12436 5074109 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109 5072033 20437 20438 Yes Security Update 10.0.26200.7623 https://support.microsoft.com/help/5074109 20437 20438 5074109 5074109 https://support.microsoft.com/help/5074109 20437 20438 12389 12390 5073455 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073455 5071417 12242 12243 Yes Security Update 10.0.22631.6491 https://support.microsoft.com/help/5073455 12242 12243 5073455 5073455 https://support.microsoft.com/help/5073455 12242 12243 5073450 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073450 5071542 12244 Yes Security Update 10.0.25398.2092 https://support.microsoft.com/help/5073450 12244 5073450 5073450 https://support.microsoft.com/help/5073450 12244 5074109 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074109 5072033 12389 12390 Yes Security Update 10.0.26100.7623 https://support.microsoft.com/help/5074109 12389 12390 5074109 5073722 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073722 5071543 10852 10853 10816 10855 Yes Security Update 10.0.14393.8783 https://support.microsoft.com/help/5073722 10852 10853 10816 10855 5073722 CBL-Mariner Releases 19582-16823 19759-17086 No Security Update 3.39.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19582-16823 19759-17086 CBL-Mariner Releases CBL-Mariner Releases 20296-17084 No Security Update 3.44.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20296-17084 CBL-Mariner Releases Anonymous 2.0 2026-03-05T08:00:00 <p>Added Affected Software for Windows packages</p> 1.0 2025-08-14T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:48:45 <p>Information published.</p> 4.0 2026-04-14T07:00:00 <p>This CVE has been modified to include updated links to the Windows operating systems in the Security Updates table.</p> 5.0 2026-05-12T07:00:00 Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-7345 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19583-16823 19632-17084 18843-17084 19751-17086 19583-16823 19632-17084 18843-17084 19751-17086 Important 19583-16823 Important 19632-17084 Important 18843-17084 Important 19751-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19583-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19632-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18843-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19751-17086 CBL-Mariner Releases 19583-16823 19751-17086 No Security Update 2.40.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19583-16823 19751-17086 CBL-Mariner Releases CBL-Mariner Releases 19632-17084 18843-17084 No Security Update 2.42.10-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19632-17084 18843-17084 CBL-Mariner Releases 1.0 2025-07-16T00:00:00 <p>Information published.</p> 2.0 2025-07-18T00:00:00 <p>Added gdk-pixbuf2 to Azure Linux 3.0 Added gdk-pixbuf2 to CBL-Mariner 2.0</p> 2.1 2026-02-18T15:10:59 <p>Information published.</p> Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-7519 Out-of-bounds Write 19633-17084 20324-17086 19633-17084 20324-17086 Moderate 19633-17084 Moderate 20324-17086 6.7 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U 19633-17084 6.7 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U 20324-17086 CBL-Mariner Releases 19633-17084 No Security Update 123-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19633-17084 CBL-Mariner Releases CBL-Mariner Releases 20324-17086 No Security Update 0.119-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20324-17086 CBL-Mariner Releases 1.0 2025-08-06T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:06:32 <p>Information published.</p> GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-7546 Out-of-bounds Write 19634-17084 20219-17086 20100-17086 18844-17084 19818-17084 20376-17086 20414-17084 20203-17086 20524-17086 19634-17084 20219-17086 20100-17086 18844-17084 19818-17084 20376-17086 20414-17084 20203-17086 20524-17086 Moderate 19634-17084 20219-17086 Moderate 20100-17086 Moderate 18844-17084 19818-17084 Moderate 20376-17086 Moderate 20414-17084 Moderate 20203-17086 Moderate 20524-17086 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 19634-17084 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 20219-17086 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 20100-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 18844-17084 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 19818-17084 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 20376-17086 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 20414-17084 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 20203-17086 5.3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P 20524-17086 CBL-Mariner Releases 19634-17084 No Security Update 2.41-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19634-17084 CBL-Mariner Releases CBL-Mariner Releases 20219-17086 20376-17086 No Security Update 2.37-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20219-17086 20376-17086 CBL-Mariner Releases CBL-Mariner Releases 19818-17084 20414-17084 No Security Update 13.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19818-17084 20414-17084 CBL-Mariner Releases CBL-Mariner Releases 20203-17086 20524-17086 No Security Update 11.2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20203-17086 20524-17086 CBL-Mariner Releases 1.1 2026-02-18T01:55:02 <p>Information published.</p> 1.0 2025-08-06T00:00:00 <p>Information published.</p> iavf: get rid of the crit lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38311 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20823-17084 Important 20860-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-03T21:51:11 <p>Information published.</p> 2.0 2025-12-07T01:45:31 <p>Information published.</p> 3.0 2026-01-08T14:42:52 <p>Information published.</p> 4.0 2026-01-20T14:37:24 <p>Information published.</p> 6.0 2026-03-04T14:47:00 <p>Information published.</p> 7.0 2026-03-31T14:41:29 <p>Information published.</p> 8.0 2026-04-29T14:59:17 <p>Information published.</p> 10.0 2026-05-11T01:50:09 <p>Information published.</p> 5.0 2026-02-18T15:10:06 <p>Information published.</p> 9.0 2026-05-06T14:51:54 <p>Information published.</p> 11.0 2026-05-17T14:51:20 <p>Information published.</p> drm/msm: Fix another leak in the submit error path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38409 19683-17084 17087-17086 21093-17086 20412-17084 20925-17086 19683-17084 17087-17086 21093-17086 20412-17084 20925-17086 19683-17084 Moderate 17087-17086 Moderate 21093-17086 Moderate 20412-17084 Moderate 20925-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:04:48 <p>Information published.</p> 2.0 2025-12-25T01:02:11 <p>Information published.</p> 4.0 2026-03-31T15:00:30 <p>Information published.</p> 3.0 2026-03-03T14:48:27 <p>Information published.</p> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38395 Out-of-bounds Read 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Moderate 20412-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:15:38 <p>Information published.</p> 2.0 2025-12-25T01:01:40 <p>Information published.</p> 3.0 2026-02-24T14:40:47 <p>Information published.</p> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38467 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-13T01:41:52 <p>Information published.</p> 1.0 2025-09-03T23:18:36 <p>Information published.</p> 2.0 2025-12-24T01:03:58 <p>Information published.</p> drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38098 19683-17084 19683-17084 Moderate 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 19683-17084 No Security Update 6.6.96.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19683-17084 CBL-Mariner Releases 1.1 2026-02-18T01:29:22 <p>Information published.</p> 1.0 2025-09-04T00:15:29 <p>Information published.</p> Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38335 Improper Locking 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T00:19:35 <p>Information published.</p> 2.0 2025-12-18T01:01:49 <p>Information published.</p> 3.0 2026-02-24T14:36:37 <p>Information published.</p> comedi: Fix initialization of data for instructions that write to subdevice <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38478 17085-17084 17087-17086 17085-17084 17087-17086 Critical 17085-17084 Moderate 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-04T00:48:20 <p>Information published.</p> 2.0 2025-12-25T01:02:40 <p>Information published.</p> 3.0 2026-01-13T01:42:28 <p>Information published.</p> 3.1 2026-02-21T04:01:36 <p>Information published.</p> net: libwx: remove duplicate page_pool_put_full_page() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38490 17085-17084 17085-17084 Critical 17085-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.1 2026-02-21T04:04:11 <p>Information published.</p> 1.0 2025-09-04T01:00:10 <p>Information published.</p> net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38468 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Important 20412-17084 19683-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:07:05 <p>Information published.</p> 2.0 2025-12-24T01:04:03 <p>Information published.</p> 3.0 2026-02-24T14:40:03 <p>Information published.</p> dm: limit swapping tables for devices with zone write plugs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38140 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21332-17084 19683-17084 20553-17084 20860-17084 21248-17084 21308-17084 21344-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21332-17084 19683-17084 20553-17084 20860-17084 21248-17084 21308-17084 21344-17084 20412-17084 Important 20613-17084 Moderate 17087-17086 Important 20725-17084 Important 20788-17084 Important 20823-17084 Moderate 20925-17086 Important 20956-17084 Important 21094-17084 Moderate 21093-17086 Important 21332-17084 19683-17084 Important 20553-17084 Important 20860-17084 Important 21248-17084 Important 21308-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 2.0 2025-11-22T01:02:02 <p>Information published.</p> 3.0 2025-12-07T01:43:07 <p>Information published.</p> 5.0 2026-01-20T14:51:54 <p>Information published.</p> 6.0 2026-02-18T02:40:00 <p>Information published.</p> 7.0 2026-03-03T14:47:55 <p>Information published.</p> 8.0 2026-03-04T14:46:04 <p>Information published.</p> 10.0 2026-04-29T14:57:32 <p>Information published.</p> 12.0 2026-05-11T01:49:06 <p>Information published.</p> 1.0 2025-09-04T01:41:02 <p>Information published.</p> 4.0 2026-01-08T14:40:48 <p>Information published.</p> 9.0 2026-03-31T14:37:22 <p>Information published.</p> 11.0 2026-05-06T14:50:55 <p>Information published.</p> 13.0 2026-05-17T14:50:05 <p>Information published.</p> usb: net: sierra: check for no status endpoint <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38474 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 4.3 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19683-17084 4.3 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:40:25 <p>Information published.</p> 1.0 2025-09-04T01:53:52 <p>Information published.</p> 2.0 2025-12-24T01:04:18 <p>Information published.</p> HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-7069 Heap-based Buffer Overflow 19980-17086 17336-17086 17741-17084 19980-17086 17336-17086 17741-17084 19980-17086 Low 17336-17086 Low 17741-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 19980-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 17336-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 17741-17084 1.0 2025-09-04T01:57:23 <p>Information published.</p> GNU Binutils DWARF Section dwarf.c process_debug_info memory leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8225 Missing Release of Memory after Effective Lifetime 20376-17086 19634-17084 20219-17086 20525-17086 20568-17084 20376-17086 19634-17084 20219-17086 20525-17086 20568-17084 Moderate 20376-17086 Moderate 19634-17084 20219-17086 Moderate 20525-17086 Moderate 20568-17084 4.4 4.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P 20376-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19634-17084 4.4 4.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P 20219-17086 4.4 4.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P 20525-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20568-17084 CBL-Mariner Releases 20376-17086 20525-17086 No Security Update 2.37-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20376-17086 20525-17086 CBL-Mariner Releases CBL-Mariner Releases 19634-17084 No Security Update 2.41-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19634-17084 CBL-Mariner Releases CBL-Mariner Releases 20568-17084 No Security Update 2.41-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20568-17084 CBL-Mariner Releases 1.0 2025-09-04T01:57:24 <p>Information published.</p> Rejected reason: Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issues/465 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-8197 20379-17086 20190-17084 20186-17086 20379-17086 20190-17084 20186-17086 20379-17086 20190-17084 20186-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20379-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20190-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20186-17086 1.0 2025-09-04T02:10:57 <p>Information published.</p> wifi: ath12k: fix invalid access to memory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38292 19880-17084 19880-17084 Important 19880-17084 2.0 2026-02-18T15:08:44 <p>Information published.</p> 1.0 2025-09-04T02:08:58 <p>Information published.</p> LibTIFF tiffmedian.c get_histogram use after free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8176 Use After Free 19773-17086 20104-17084 20397-17086 19773-17086 20104-17084 20397-17086 19773-17086 Low 20104-17084 Low 20397-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 19773-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20104-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20397-17086 CBL-Mariner Releases 19773-17086 20104-17084 No Security Update 4.6.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19773-17086 20104-17084 CBL-Mariner Releases CBL-Mariner Releases 20397-17086 No Security Update 4.6.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20397-17086 CBL-Mariner Releases 1.0 2025-09-04T02:22:03 <p>Information published.</p> 1.1 2026-02-21T04:17:29 <p>Information published.</p> The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-53159 Buffer Over-read 19714-17086 19603-17084 20257-17084 18011-17086 19714-17086 19603-17084 20257-17084 18011-17086 19714-17086 Moderate 19603-17084 Moderate 20257-17084 Moderate 18011-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L 19714-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L 19603-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L 20257-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L 18011-17086 1.0 2025-09-04T03:10:43 <p>Information published.</p> 2.0 2026-02-21T04:23:18 <p>Information published.</p> eventpoll: don't decrement ep refcount while still holding the ep mutex <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38349 Use After Free 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T03:09:39 <p>Information published.</p> The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-53158 Improper Neutralization of Special Elements used in an OS Command (&#39;OS Command Injection&#39;) 19721-17086 17183-17086 19721-17086 17183-17086 19721-17086 Moderate 17183-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 19721-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 17183-17086 CBL-Mariner Releases 19721-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19721-17086 CBL-Mariner Releases 1.0 2025-09-04T03:13:40 <p>Information published.</p> 1.0 2025-09-04T03:13:40 <p>Information published.</p> 2.0 2026-02-21T04:23:43 <p>Information published.</p> pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-45768 Missing Encryption of Sensitive Data 20338-17084 20339-17086 20338-17084 20339-17086 Moderate 20338-17084 Moderate 20339-17086 7.0 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 20338-17084 7.0 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 20339-17086 1.0 2025-09-04T03:30:36 <p>Information published.</p> Domain Name Validation Bypass with Apple Native Certificate Validation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2025-7395 Improper Certificate Validation 20085-17086 19283-17084 20085-17086 19283-17084 Critical 20085-17086 Critical 19283-17084 CBL-Mariner Releases 20085-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20085-17086 CBL-Mariner Releases 1.0 2025-09-04T03:52:58 <p>Information published.</p> 1.1 2026-02-18T02:21:00 <p>Information published.</p> Usage of unsafe random function in form-data for choosing boundary <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner harborist Yes CVE-2025-7783 Use of Insufficiently Random Values 20124-17086 19712-17086 19693-17084 20124-17086 19712-17086 19693-17084 Critical 20124-17086 Critical 19712-17086 Critical 19693-17084 1.0 2025-09-04T04:02:28 <p>Information published.</p> 1.1 2026-02-18T02:22:31 <p>Information published.</p> NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner nvidia Yes CVE-2025-23266 Untrusted Search Path 20077-17084 20349-17086 20077-17084 20349-17086 Critical 20077-17084 Critical 20349-17086 9.0 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 20077-17084 9.0 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 20349-17086 CBL-Mariner Releases 20077-17084 20349-17086 No Security Update 1.17.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20077-17084 20349-17086 CBL-Mariner Releases 1.1 2026-02-18T02:25:01 <p>Information published.</p> 1.0 2025-09-04T04:21:49 <p>Information published.</p> hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-54566 External Control of Critical State Data 20691-17086 20035-17084 20691-17086 20035-17084 Moderate 20691-17086 Low 20035-17084 4.2 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 20691-17086 4.2 3.9 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U 20035-17084 1.0 2025-09-04T04:40:47 <p>Information published.</p> 2.0 2025-12-18T01:04:28 <p>Information published.</p> 3.1 2026-02-18T02:28:48 <p>Information published.</p> 3.0 2026-01-13T01:39:48 <p>Information published.</p> drm/i915/gt: Fix timeline left held on VMA alloc error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38389 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T04:45:13 <p>Information published.</p> 2.0 2025-12-17T01:01:32 <p>Information published.</p> 3.0 2026-02-24T14:36:29 <p>Information published.</p> usb: typec: displayport: Fix potential deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38404 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T04:49:40 <p>Information published.</p> rose: fix dangling neighbour pointers in rose_rt_device_down() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38377 17085-17084 17087-17086 17085-17084 17087-17086 Important 17085-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-09-04T04:53:15 <p>Information published.</p> 2.0 2025-12-20T01:03:09 <p>Information published.</p> 3.0 2026-01-08T01:39:34 <p>Information published.</p> 3.1 2026-02-18T02:30:44 <p>Information published.</p> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38412 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T04:58:20 <p>Information published.</p> 2.0 2025-12-25T01:02:21 <p>Information published.</p> 3.0 2026-02-24T14:41:30 <p>Information published.</p> usb: typec: altmodes/displayport: do not index invalid pin_assignments <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38391 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.2 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.2 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T05:01:31 <p>Information published.</p> 2.0 2025-12-25T01:01:30 <p>Information published.</p> 3.0 2026-02-24T14:40:32 <p>Information published.</p> raid10: cleanup memleak at raid10_make_request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38444 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T05:11:05 <p>Information published.</p> 2.0 2025-12-24T01:02:58 <p>Information published.</p> 3.0 2026-02-24T14:38:43 <p>Information published.</p> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38376 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T05:14:38 <p>Information published.</p> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Mariner Linux Yes CVE-2025-38387 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-12-17T01:01:28 <p>Information published.</p> 2.0 2026-02-24T14:36:22 <p>Information published.</p> dma-buf: insert memory barrier before updating num_fences Mariner Linux Yes CVE-2025-38095 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-18T01:01:35 <p>Information published.</p> 2.0 2026-01-13T01:38:39 <p>Information published.</p> drm/v3d: Disable interrupts before resetting the GPU Mariner Linux Yes CVE-2025-38371 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-18T01:02:11 <p>Information published.</p> 2.0 2026-01-13T01:38:53 <p>Information published.</p> sch_hfsc: make hfsc_qlen_notify() idempotent Mariner Linux Yes CVE-2025-38177 Incomplete Cleanup 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-02-24T14:37:21 <p>Information published.</p> 1.0 2025-12-20T01:01:55 <p>Information published.</p> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Mariner Linux Yes CVE-2025-38441 Use of Uninitialized Resource 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-02-24T14:38:28 <p>Information published.</p> 1.0 2025-12-24T01:02:49 <p>Information published.</p> Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Mariner Linux Yes CVE-2025-38473 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-02-24T14:40:18 <p>Information published.</p> 1.0 2025-12-24T01:04:14 <p>Information published.</p> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mariner Linux Yes CVE-2025-38400 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-12-25T01:01:51 <p>Information published.</p> 2.0 2026-02-24T14:41:01 <p>Information published.</p> The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2025-24294 Uncontrolled Resource Consumption 20243-17086 20392-17086 20244-17084 20243-17086 20392-17086 20244-17084 20243-17086 Moderate 20392-17086 Moderate 20244-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20243-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20392-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20244-17084 CBL-Mariner Releases 20243-17086 20392-17086 No Security Update 3.1.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20243-17086 20392-17086 CBL-Mariner Releases CBL-Mariner Releases 20244-17084 No Security Update 3.3.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20244-17084 CBL-Mariner Releases 1.1 2026-02-18T01:22:14 <p>Information published.</p> 1.0 2025-09-03T23:24:27 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Windows Kernel Microsoft Yes CVE-2025-26636 Processor Optimization Removal or Modification of Security-critical Code 12437 12389 12436 Information Disclosure 12437 Information Disclosure 12389 Information Disclosure 12436 Important 12437 Important 12389 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12436 Windows Kernel, Virtualization &amp; Security Team 1.0 2025-07-08T07:00:00 <p>Information published.</p> Remote Desktop Spoofing Vulnerability <p>Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must trick the user into interacting with a spoofed WebAuthn prompt and entering their credentials.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Remote Desktop Client Microsoft Yes CVE-2025-33054 Insufficient UI Warning of Dangerous Operations 12085 12086 12437 12242 12243 12389 12390 12436 Spoofing 12085 Spoofing 12086 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12389 Spoofing 12390 Spoofing 12436 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 Philemon Orphee Favrod with Microsoft Josh Watson with Microsoft Ray Reskusich with Microsoft Gus Catalano with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability <p>Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Virtualization-Based Security (VBS) Enclave Microsoft Yes CVE-2025-47159 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Azure Service Fabric Runtime Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.</p> <p><strong>How can I update my Service Fabric Cluster to the latest version?</strong></p> <p>If you have automatic updates, no action is needed. However, for those who choose to manually update, please refer to <a href="https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-version-azure#manual-upgrades-with-azure-portal">Manage Service Fabric cluster upgrades</a> for instructions on how to update your Service Fabric Cluster.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to major loss on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires an administrator to install the bootstrapping agent on the target device where an attacker has planted specially crafted malicious files.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Service Fabric Microsoft Yes CVE-2025-21195 Improper Link Resolution Before File Access ('Link Following') 11743 Elevation of Privilege 11743 Important 11743 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.0 5.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11743 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-versions?tabs=windows#listed-versions 11743 Maybe Security Update 10.1 Cumulative Update 7.0 https://github.com/microsoft/service-fabric/blob/master/release_notes/Service_Fabric_ReleaseNotes_101CU7.md 11743 Release Notes <a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability <p>Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Virtual Hard Disk (VHDX) Microsoft Yes CVE-2025-47971 Buffer Over-read 11924 12086 11923 12085 12097 12098 11572 11568 11571 11931 11569 11929 12099 11930 12437 12242 12243 12390 12389 12244 12436 10853 10855 9318 10049 10379 10729 10483 10051 10287 9312 10378 9344 10543 10852 10816 10735 Elevation of Privilege 11924 Elevation of Privilege 12086 Elevation of Privilege 11923 Elevation of Privilege 12085 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 11572 Elevation of Privilege 11568 Elevation of Privilege 11571 Elevation of Privilege 11931 Elevation of Privilege 11569 Elevation of Privilege 11929 Elevation of Privilege 12099 Elevation of Privilege 11930 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12390 Elevation of Privilege 12389 Elevation of Privilege 12244 Elevation of Privilege 12436 Elevation of Privilege 10853 Elevation of Privilege 10855 Elevation of Privilege 9318 Elevation of Privilege 10049 Elevation of Privilege 10379 Elevation of Privilege 10729 Elevation of Privilege 10483 Elevation of Privilege 10051 Elevation of Privilege 10287 Elevation of Privilege 9312 Elevation of Privilege 10378 Elevation of Privilege 9344 Elevation of Privilege 10543 Elevation of Privilege 10852 Elevation of Privilege 10816 Elevation of Privilege 10735 Important 11924 Important 12086 Important 11923 Important 12085 Important 12097 Important 12098 Important 11572 Important 11568 Important 11571 Important 11931 Important 11569 Important 11929 Important 12099 Important 11930 Important 12437 Important 12242 Important 12243 Important 12390 Important 12389 Important 12244 Important 12436 Important 10853 Important 10855 Important 9318 Important 10049 Important 10379 Important 10729 Important 10483 Important 10051 Important 10287 Important 9312 Important 10378 Important 9344 Important 10543 Important 10852 Important 10816 Important 10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12086 12085 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12086 12085 5062552 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062554 https://support.microsoft.com/help/5062554 12097 12098 11931 11929 12099 11930 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11572 11568 11571 11569 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11572 11568 11571 11569 5062557 5062557 https://support.microsoft.com/help/5062557 11572 11568 11571 11569 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11931 11929 11930 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11931 11929 11930 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12390 12389 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12390 12389 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12390 12389 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10853 10855 10852 10816 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10853 10855 10852 10816 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9318 10287 9312 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9318 10287 9312 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9318 10287 9312 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9318 10287 9312 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9318 10287 9312 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9318 10287 9312 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10049 10051 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10049 10051 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10049 10051 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10049 10051 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10379 10378 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10379 10378 5062592 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Donghyeon Oh JONGHOI KIM 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Input Method Editor (IME) Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, successful exploitation of this vulnerability could allow an attacker to perform remote code execution resulting in a Sandbox escape in the imebroker COM (Component Object Model) object.</p> Microsoft Input Method Editor (IME) Microsoft Yes CVE-2025-47972 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Pwnforr777 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability <p>Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows SSDP Service Microsoft Yes CVE-2025-47976 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows GDI Information Disclosure Vulnerability <p>Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Windows GDI Microsoft Yes CVE-2025-47984 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://x.com/gaborseljan">G&#225;bor Selj&#225;n</a> with <a href="https://research.checkpoint.com/">Check Point Research</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Event Tracing Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Event Tracing Microsoft Yes CVE-2025-47985 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Universal Print Management Service Elevation of Privilege Vulnerability <p>Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could send a specially crafted file to a shared printer. This could result in arbitrary code execution on the system that is sharing the printer.</p> Universal Print Management Service Microsoft Yes CVE-2025-47986 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cred SSProvider Protocol Microsoft Yes CVE-2025-47987 Heap-based Buffer Overflow Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous <a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-48824 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49657 Heap-based Buffer Overflow Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability <p>Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.</p> Windows TDX.sys Microsoft Yes CVE-2025-49658 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-49661 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Fraunhofer FKIE CA&amp;D Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49670 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49671 Exposure of Sensitive Information to an Unauthorized Actor Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49672 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49674 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49676 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-49677 Use After Free 12085 12086 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 ChenJian with <a href="https://www.sea.com/security">Sea Security Orca Team</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows TCP/IP Driver Elevation of Privilege Vulnerability <p>Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows TCP/IP Microsoft Yes CVE-2025-49686 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Marat Gayanov with <a href="https://global.ptsecurity.com/">Positive Technologies</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Input Method Editor (IME) Elevation of Privilege Vulnerability <p>Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level or a High Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> Microsoft Input Method Editor (IME) Microsoft Yes CVE-2025-49687 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49688 Double Free 11571 11572 11923 11924 12437 12244 12436 10816 10855 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Virtual Hard Disk (VHDX) Microsoft Yes CVE-2025-49689 Integer Overflow or Wraparound Out-of-bounds Read Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://x.com/immortalp0ny">Sergey Tarasov</a> with <a href="https://global.ptsecurity.com/">Positive Technologies</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-09T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Capability Access Management Service (camsvc) Microsoft Yes CVE-2025-49690 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Double Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST Pwnforr777 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Miracast Wireless Display Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could project to a vulnerable system on the same wireless network that was configured to allow &quot;Projecting to this PC&quot; and marked as &quot;Available Everywhere&quot;. This is not a default configuration.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Media Microsoft Yes CVE-2025-49691 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Marin Duroyon 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-49694 NULL Pointer Dereference 12437 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 hazard 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Input Method Editor (IME) Elevation of Privilege Vulnerability <p>Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, successful exploitation of this vulnerability could allow an attacker to perform remote code execution resulting in a Sandbox escape in the imebroker COM (Component Object Model) object.</p> Microsoft Input Method Editor (IME) Microsoft Yes CVE-2025-47991 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft PC Manager Elevation of Privilege Vulnerability <p>Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft PC Manager Microsoft Yes CVE-2025-47993 Improper Access Control 12437 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 Filip Dragovic (@filip_dragovic) working with Trend Zero Day Initiative Filip Dragovic (@filip_dragovic) working with Trend Zero Day Initiative 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Office Elevation of Privilege Vulnerability <p>Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker can successfully exploit this vulnerability by escaping the Protected View sandbox and running code at Standard User privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). How could an attacker exploit this elevation of privilege vulnerability?</strong></p> <p>This attack involves a compromised Protected View Sandbox sending crafted messages to its trusted user process. This causes the user process to execute arbitrary code originating from the sandbox at higher privileges.</p> Microsoft Office Microsoft Yes CVE-2025-47994 Deserialization of Untrusted Data 11573 11574 11762 11763 11952 11953 12420 12421 10753 10754 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Elevation of Privilege 12420 Elevation of Privilege 12421 Elevation of Privilege 10753 Elevation of Privilege 10754 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10753 10754 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10753 10754 5002742 Ben Faull with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html">AMD-SB-7029</a></li> </ul> <p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html">AMD-SB-7029</a></li> </ul> AMD L1 Data Queue AMD Yes CVE-2024-36357 11568 11569 11571 11572 11923 11924 11929 11931 12086 12097 12099 12437 12243 12244 12390 12436 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11931 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11931 Critical 12086 Critical 12097 Critical 12099 Critical 12437 Critical 12243 Critical 12244 Critical 12390 Critical 12436 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11931 12097 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, and Stavros Volos from Microsoft and Flavien Solt from ETH Zurich 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-23T07:00:00 <p>Corrected CVE number. This is an informational change only.</p> AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html">AMD-SB-7029</a></li> </ul> <p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html">AMD-SB-7029</a></li> </ul> AMD Store Queue AMD Yes CVE-2024-36350 11568 11569 11571 11572 11923 11924 11929 11931 12086 12097 12099 12437 12243 12244 12390 12436 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11931 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11931 Critical 12086 Critical 12097 Critical 12099 Critical 12437 Critical 12243 Critical 12244 Critical 12390 Critical 12436 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11931 12097 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, and Stavros Volos from Microsoft and Flavien Solt from ETH Zurich 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-16T07:00:00 <p>Corrected CVE number. This is an informational change only.</p> Microsoft Excel Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Excel Microsoft Yes CVE-2025-48812 Out-of-bounds Read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Information Disclosure 10836 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10836 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10739 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10740 5002740 https://www.microsoft.com/en-us/download/details.aspx?id=108260 5002728 10836 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002740 10836 5002740 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002749 https://www.microsoft.com/en-us/download/details.aspx?id=108250 5002735 10739 10740 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002749 10739 10740 5002749 5002734 https://www.microsoft.com/en-us/download/details.aspx?id=108251 5002716 10739 10740 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002734 10739 10740 5002734 Wh1tc with Kunlun Lab & Zhiniang Peng with HUST cdbb6164ddfda2b210fd348442322115 1.0 2025-07-08T07:00:00 <p>Information published.</p> 2.0 2025-07-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-49711 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002740 https://www.microsoft.com/en-us/download/details.aspx?id=108260 5002728 10836 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002740 10836 5002740 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002749 https://www.microsoft.com/en-us/download/details.aspx?id=108250 5002735 10739 10740 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002749 10739 10740 5002749 <a href="https://twitter.com/edwardzpeng">wh1tc with Kunlun Lab &amp; Zhiniang Peng</a> with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Windows Netlogon Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> <p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p> <p>To mitigate this vulnerability, a code change was made in the July 2025 Windows Security Updates for all other Server platforms from Windows Server 2008 SP2 to Windows Server 2022, inclusive.</p> <p>After this change, some file and print service software can be affected, including Samba. Samba has released an update to accommodate this change. See <a href="http://https://www.samba.org/samba/history/samba-4.22.3.html">Samba 4.22.3 - Release Notes</a> for more information.</p> <p>To accommodate scenarios where affected third party software cannot be updated, we released additional configuration capability in the August 2025 Windows Security Update.</p> <p>For more information about the releases and the new modes visit: <a href="https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68">https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68</a></p> Windows Netlogon Microsoft Yes CVE-2025-49716 Uncontrolled Resource Consumption 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Or Yair <a href="https://www.linkedin.com/in/or-yair">Or Yair</a> with <a href="https://www.safebreach.com/">SafeBreach</a> Shahak Morag <a href="https://www.linkedin.com/in/shahak-morag-6bb51b142/">Shahak Morag</a> with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-18T07:00:00 <p>Updated first FAQ to state that CVE-2020-0674 has now been issued to address this vulnerability. This is an informational change only.</p> Microsoft SQL Server Remote Code Execution Vulnerability <p>Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5058721</td> <td>Security update for SQL Server 2022 CU19+GDR</td> <td>16.0.4200.1</td> <td>16.0.4003.1 - 16.0.4195.2</td> <td>KB 5054531 - SQL2022 RTM CU19</td> </tr> <tr> <td>5058712</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1140.6</td> <td>16.0.1000.6 - 16.0.1135.2</td> <td>KB 5054833 - SQL2019 RTM CU32</td> </tr> <tr> <td>5058722</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4435.7</td> <td>15.0.4003.23 - 15.0.4430.1</td> <td>KB 5046365 - SQL2019 RTM CU29</td> </tr> <tr> <td>5058713</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2135.5</td> <td>15.0.2000.5 - 15.0.2130.3</td> <td>KB 5046859 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5058714</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3495.9</td> <td>14.0.3006.16 - 14.0.3490.10</td> <td>KB 5050533 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5058716</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2075.8</td> <td>14.0.1000.169 - 14.0.2070.1</td> <td>KB 5046857 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5058717</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7055.9</td> <td>13.0.7000.253 - 13.0.7050.2</td> <td>KB 5046856 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5058718</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6460.7</td> <td>13.0.6300.2 - 13.0.6455.2</td> <td>KB 5046855 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker would need to run a specially crafted query against a vulnerable SQL Server.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an attacker to escape the context of the SQL server and execute code on the host.</p> SQL Server Microsoft Yes CVE-2025-49717 Heap-based Buffer Overflow 11821 12147 16785 16784 Remote Code Execution 11821 Remote Code Execution 12147 Remote Code Execution 16785 Remote Code Execution 16784 Important 11821 Important 12147 Important 16785 Important 16784 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.5 7.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.5 7.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.5 7.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 16785 8.5 7.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 16784 5058713 https://www.microsoft.com/download/details.aspx?id=108274 5046859 11821 Maybe Security Update 15.0.2135.5 https://support.microsoft.com/help/5058713 11821 5058713 5058712 https://www.microsoft.com/download/details.aspx?id=108269 5046861 12147 Maybe Security Update 16.0.1140.6 https://support.microsoft.com/help/5058712 12147 5058712 5058722 https://www.microsoft.com/download/details.aspx?id=108270 5054833 16785 Maybe 15.0.4435.7 https://support.microsoft.com/help/5058722 16785 5058722 5058721 https://www.microsoft.com/download/details.aspx?id=108268 5054531 16784 Maybe Security Update 16.0.4200.1 https://support.microsoft.com/help/5058721 16784 5058721 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.2 2025-07-11T07:00:00 <p>Updated the severity of the products in the Security Updates table. This is an informational change only.</p> 1.1 2025-07-10T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.3 2025-08-20T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> GitHub: CVE-2025-27613 Gitk Arguments Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-27613">CVE-2025-27613</a> is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option &quot;Support per-file encoding&quot; must have been enabled. The operation &quot;Show origin of this line&quot; is affected as well, regardless of the option being enabled or not. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-27613">CVE-2025-27613</a> for more information.</p> Visual Studio Github Yes CVE-2025-27613 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-27614">CVE-2025-27614</a> is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking <code>gitk filename</code>, where <code>filename</code> has a particular structure. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-27614">CVE-2025-27614</a> for more information.</p> Visual Studio GitHub Yes CVE-2025-27614 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-46334">CVE-2025-46334</a> is regarding a vulnerability in Git GUI (Windows only) where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects &quot;Git Bash&quot; or &quot;Browse Files&quot; from the menu. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-46334">CVE-2025-46334</a> for more information.</p> Visual Studio GitHub Yes CVE-2025-46334 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> GitHub: CVE-2025-46835 Git File Overwrite Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-46835">CVE-2025-46835</a> is regarding a vulnerability in Git GUI where when a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-46835">CVE-2025-46835</a> for more information.</p> Visual Studio GitHub Yes CVE-2025-46835 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> GitHub: CVE-2025-48384 Git Symlink Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-48384">CVE-2025-48384</a> is regarding a vulnerability in Git where when reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-48384">CVE-2025-48384</a> for more information.</p> Visual Studio MITRE Yes CVE-2025-48384 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 12271 12322 12459 16767 11935 11600 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> GitHub: CVE-2025-48385 Git Protocol Injection Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-48385">CVE-2025-48385</a> is regarding a vulnerability in Git where when cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.</p> <p>This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution.</p> <p>GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-48385">CVE-2025-48385</a> for more information.</p> Visual Studio GitHub Yes CVE-2025-48385 12271 12459 16767 11935 12322 12271 12459 16767 11935 12322 12271 12459 16767 11935 12322 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> GitHub: CVE-2025-48386 Git Credential Helper Vulnerability <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-48386">CVE-2025-48386</a> is regarding a vulnerability in Git where the wincred credential helper uses a static buffer (<code>target</code>) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with <code>wcsncat()</code>, leading to potential buffer overflows. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-48386">CVE-2025-48386</a> for more information.</p> Visual Studio GitHub Yes CVE-2025-48386 12322 16767 11935 11600 12271 12459 12322 16767 11935 11600 12271 12459 12322 16767 11935 11600 12271 12459 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-08-22T07:00:00 <p>Corrected the CVE Numbering Authority (CNA). This is an informational change only.</p> Microsoft SQL Server Information Disclosure Vulnerability <p>Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5058721</td> <td>Security update for SQL Server 2022 CU19+GDR</td> <td>16.0.4200.1</td> <td>16.0.4003.1 - 16.0.4195.2</td> <td>KB 5054531 - SQL2022 RTM CU19</td> </tr> <tr> <td>5058712</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1140.6</td> <td>16.0.1000.6 - 16.0.1135.2</td> <td>KB 5054833 - SQL2019 RTM CU32</td> </tr> <tr> <td>5058722</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4435.7</td> <td>15.0.4003.23 - 15.0.4430.1</td> <td>KB 5046365 - SQL2019 RTM CU29</td> </tr> <tr> <td>5058713</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2135.5</td> <td>15.0.2000.5 - 15.0.2130.3</td> <td>KB 5046859 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5058714</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3495.9</td> <td>14.0.3006.16 - 14.0.3490.10</td> <td>KB 5050533 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5058716</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2075.8</td> <td>14.0.1000.169 - 14.0.2070.1</td> <td>KB 5046857 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5058717</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7055.9</td> <td>13.0.7000.253 - 13.0.7050.2</td> <td>KB 5046856 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5058718</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6460.7</td> <td>13.0.6300.2 - 13.0.6455.2</td> <td>KB 5046855 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> SQL Server Microsoft Yes CVE-2025-49719 Improper Input Validation 11478 11555 11821 12053 12145 12147 16785 16784 Information Disclosure 11478 Information Disclosure 11555 Information Disclosure 11821 Information Disclosure 12053 Information Disclosure 12145 Information Disclosure 12147 Information Disclosure 16785 Information Disclosure 16784 Important 11478 Important 11555 Important 11821 Important 12053 Important 12145 Important 12147 Important 16785 Important 16784 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11478 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11555 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11821 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12053 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12145 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12147 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16785 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16784 5058716 https://www.microsoft.com/download/details.aspx?id=108271 5046857 11478 Maybe Security Update 14.0.2075.8 https://support.microsoft.com/help/5058716 11478 5058716 5058718 https://www.microsoft.com/download/details.aspx?id=108275 5046855 11555 Maybe Security Update 13.0.6460.7 https://support.microsoft.com/help/5058718 11555 5058718 5058713 https://www.microsoft.com/download/details.aspx?id=108274 5046859 11821 Maybe Security Update 15.0.2135.5 https://support.microsoft.com/help/5058713 11821 5058713 5058717 https://www.microsoft.com/download/details.aspx?id=108273 5046856 12053 Maybe Security Update 13.0.7055.9 https://support.microsoft.com/help/5058717 12053 5058717 5058714 https://www.microsoft.com/download/details.aspx?id=108272 5050533 12145 Maybe Security Update 14.0.3495.9 https://support.microsoft.com/help/5058714 12145 5058714 5058712 https://www.microsoft.com/download/details.aspx?id=108269 5046861 12147 Maybe Security Update 16.0.1140.6 https://support.microsoft.com/help/5058712 12147 5058712 5058722 https://www.microsoft.com/download/details.aspx?id=108270 5054833 16785 Maybe 15.0.4435.7 https://support.microsoft.com/help/5058722 16785 5058722 5058721 https://www.microsoft.com/download/details.aspx?id=108268 5054531 16784 Maybe Security Update 16.0.4200.1 https://support.microsoft.com/help/5058721 16784 5058721 Vladimir Aleksic with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-10T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2025-08-03T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> Windows Fast FAT File System Driver Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Fast FAT Driver Microsoft Yes CVE-2025-49721 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> with <a href="https://theori.io/">THEORI</a> <a href="https://x.com/kaligulasec">Kaligula Armblessed (@KaligulaSec)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows StateRepository API Server file Tampering Vulnerability <p>Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by leveraging a function that lacks proper privilege checks to delete items in a specific table. This allows the attacker to escape the sandbox and delete entries belonging to other users.</p> Windows StateRepository API Microsoft Yes CVE-2025-49723 Missing Authorization 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Tampering 11568 Tampering 11569 Tampering 11571 Tampering 11572 Tampering 11923 Tampering 11924 Tampering 11929 Tampering 11930 Tampering 11931 Tampering 12085 Tampering 12086 Tampering 12097 Tampering 12098 Tampering 12099 Tampering 12437 Tampering 12242 Tampering 12243 Tampering 12244 Tampering 12389 Tampering 12390 Tampering 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Notification Elevation of Privilege Vulnerability <p>Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Windows Notification Microsoft Yes CVE-2025-49726 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Teams Elevation of Privilege Vulnerability <p>Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Microsoft Teams Microsoft Yes CVE-2025-49731 Improper Handling of Insufficient Permissions or Privileges 12007 11858 12182 Elevation of Privilege 12007 Elevation of Privilege 11858 Elevation of Privilege 12182 Important 12007 Important 11858 Important 12182 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12007 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11858 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12182 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Maybe Security Update 1.0.0.2025112902 https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Release Notes Release Notes https://apps.apple.com/us/app/microsoft-teams/id1113153706 11858 Maybe Security Update 7.10.1 (100772025102901) https://apps.apple.com/us/app/microsoft-teams/id1113153706 11858 Release Notes Release Notes https://docs.microsoft.com/en-us/microsoftteams/teams-client-update 12182 Maybe Security Update 25060212643 https://docs.microsoft.com/en-us/microsoftteams/teams-client-update 12182 Release Notes <a href="https://www.linkedin.com/in/mohammedalqi/">Muhammad Alqi Fahrezi</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability <p>Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.</p> <p><strong>Are all Windows Servers affected by this vulnerability?</strong></p> <p>This vulnerability only affects Windows Servers that are configured as a <a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/5bcebb8d-b747-4ee5-9453-428aec1c5c38">[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol</a> server. Domain controllers are not affected.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target.</p> Windows KDC Proxy Service (KPSSVC) Microsoft Yes CVE-2025-49735 Use After Free 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12244 Critical 12436 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5060531 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531 5058392 11571 11572 Yes Security Update 10.0.17763.7434 https://support.microsoft.com/help/5060531 11571 11572 5060531 5060526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526 5058385 11923 11924 Yes Security Update 10.0.20348.3807 https://support.microsoft.com/help/5060526 11923 11924 5060526 5060842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842 12437 12436 Yes Security Update 10.0.26200.4349 https://support.microsoft.com/help/5060842 12437 12436 5060842 5060842 https://support.microsoft.com/help/5060842 12437 12436 5060118 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118 5058384 12244 Yes Security Update 10.0.25398.1665 https://support.microsoft.com/help/5060118 12244 5060118 5061010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010 5058383 10816 10855 Yes Security Update 10.0.14393.8148 https://support.microsoft.com/help/5061010 10816 10855 5061010 5061059 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059 5058451 10378 10379 Yes Monthly Rollup 6.2.9200.25522 https://support.microsoft.com/help/5061059 10378 10379 5061059 5061018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018 5058403 10483 10543 Yes Monthly Rollup 6.3.9600.22620 https://support.microsoft.com/help/5061018 10483 10543 5061018 ʌ!ɔ⊥ojv with Kunlun Lab 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.2 2025-07-15T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.1 2025-07-14T07:00:00 <p>Information published. This CVE was addressed by updates that were released in June 2025, but the CVE was inadvertently omitted from the June 2025 Security Updates. This is an informational change only. Customers who have already installed the June 2025 updates do not need to take any further action.</p> 1.3 2025-07-17T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Microsoft Configuration Manager Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker can run arbitrary SQL queries as the SMS service (with sysadmin privileges). Since the injection happens during a user permission check, even users with read-only RBAC roles can exploit it. Any local SMS Admins group member on the SMS Provider host can also take advantage of this vulnerability.</p> Microsoft Configuration Manager Microsoft Yes CVE-2025-47178 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 16788 Remote Code Execution 16788 Important 16788 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16788 KB31909343 https://learn.microsoft.com/en-us/mem/configmgr/core/servers/manage/install-in-console-updates 16788 No Security Update 5.00.9135.1003 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/31909343 16788 KB31909343 <a href="https://twitter.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.65</td> <td>7/01/2025</td> <td>138.0.7204.96/.97</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-49713 Access of Resource Using Incompatible Type ('Type Confusion') 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 138.0.3351.65 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13) and Ziling Chen</a> 1.0 2025-07-02T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49753 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Office Developer Platform Security Feature Bypass Vulnerability <p>Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker would need to gain elevated privileges enabling them to perform file operations in directories they would not normally be able to access or perform.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p> <p>The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker is only able to compromise files that they were allowed access to as part of their initial privilege but cannot affect the availability of the browser.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Office Visual Basic for Applications (VBA) signature scheme.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Office Developer Platform Microsoft Yes CVE-2025-49756 Use of a Broken or Risky Cryptographic Algorithm 11762 11763 Security Feature Bypass 11762 Security Feature Bypass 11763 Important 11762 Important 11763 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11762 3.3 2.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11763 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run Anonymous with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Storage Spoofing Vulnerability <p>External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with low privileges creates a scheduled task that is set to run when a user logs on and spoofs interfaces that belong to many services so the victim can connect to the attacker's server instead of the original.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows Storage Microsoft Yes CVE-2025-49760 External Control of File Name or Path 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Moderate 11568 Moderate 11569 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 12437 Moderate 12242 Moderate 12243 Moderate 12244 Moderate 12389 Moderate 12390 Moderate 12436 Moderate 10729 Moderate 10735 Moderate 10852 Moderate 10853 Moderate 10816 Moderate 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 3.5 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 <a href="https://x.com/ronb_y">Ron Ben Yizhak</a> with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>Are the two new CVEs that were released related to the two SharePoint vulnerabilities that were documented by CVE-2025-49704 and CVE-2025-49706?</strong></p> <p>Yes, the update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-53771 Improper Authentication 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10950 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 11585 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 11961 5002760 https://www.microsoft.com/en-us/download/details.aspx?id=108288 10950 Maybe Security Update 16.0.5513.1001 https://support.microsoft.com/help/5002760 10950 5002760 5002760 https://support.microsoft.com/help/5002760 10950 5002759 https://www.microsoft.com/en-us/download/details.aspx?id=108289 5002743 10950 Maybe Security Update 16.0.5513.1001 https://support.microsoft.com/help/5002759 10950 5002759 5002754 https://www.microsoft.com/en-us/download/details.aspx?id=108286 11585 Maybe Security Update 16.0.10417.20037 https://www.microsoft.com/en-us/download/details.aspx?id=108286 11585 5002754 5002754 https://www.microsoft.com/en-us/download/details.aspx?id=108286 11585 5002753 https://www.microsoft.com/en-us/download/details.aspx?id=108287 5002739 11585 Maybe Security Update 16.0.10417.20037 https://support.microsoft.com/help/5002753 11585 5002753 5002768 https://www.microsoft.com/en-us/download/details.aspx?id=108285 11961 Maybe Security Update 16.0.18526.20508 https://www.microsoft.com/en-us/download/details.aspx?id=108285 11961 5002768 5002768 https://www.microsoft.com/en-us/download/details.aspx?id=108285 11961 fb8a5048b1d8827e8ae96f410d40bf00cc313e3cc307da0df9e18099c9398b51 Anonymous Viettel Cyber Security with Trend Zero Day Initiative 2.0 2025-07-20T07:00:00 <p>The security update is available for Microsoft SharePoint Server 2019. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.</p> 3.2 2025-07-21T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 3.4 2025-07-22T07:00:00 <p>Updated CWE value. This is an informational change only.</p> 1.0 2025-07-20T07:00:00 <p>Information published.</p> 3.1 2025-07-21T07:00:00 <p>Added an FAQ and updated the CVSS score. This is an informational change only.</p> 3.0 2025-07-21T07:00:00 <p>The security update is available for Microsoft SharePoint Server Subscription Edition. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.</p> 3.3 2025-07-22T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 3.4 2025-07-24T07:00:00 <p>Corrected the Download and Article links in the Security Updates table. This is an informational change only.</p> 3.5 2025-07-31T07:00:00 <p>Updated the executive summary with current information. This is an informational change only.</p> 3.6 2025-07-31T07:00:00 <p>Added an FAQ to explain that the security update KB for SharePoint Server 2016 applies to both Microsoft SharePoint Server 2016 and Microsoft SharePoint Enterprise Server 2016. This is an informational change only.</p> Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability <p>Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Virtual Hard Disk (VHDX) Microsoft Yes CVE-2025-47973 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Seungjin Oh (@seungjin01) with 78ResearchLab Donghyeon Oh JONGHOI KIM Seungjin Oh (@seungjin01) with 78ResearchLab 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability <p>Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows SSDP Service Microsoft Yes CVE-2025-47975 Double Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Kerberos Denial of Service Vulnerability <p>Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.</p> Windows Kerberos Microsoft Yes CVE-2025-47978 Out-of-bounds Read 11923 11924 12437 12244 12436 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12244 Denial of Service 12436 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 <a href="https://www.linkedin.com/in/eliran-partush-22248710/">Eliran Partush </a> with <a href="https://www.silverfort.com/">Silverfort</a> <a href="https://www.linkedin.com/in/dorsegal/">Dor Segal</a> with <a href="https://www.silverfort.com/">Silverfort</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Imaging Component Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Imaging Component Microsoft Yes CVE-2025-47980 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Mark Riehm 1.0 2025-07-08T07:00:00 <p>Information published.</p> SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.</p> <p><strong>What is SPNEGO Extended Negotiation?</strong></p> <p>The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. Please see <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/77c795cf-e522-4678-b0f1-2063c5c0561c">SPNEGO Overview</a> for more information.</p> Windows SPNEGO Extended Negotiation Microsoft Yes CVE-2025-47981 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <p>The following mitigating factors might be helpful in your situation:</p> <p>This vulnerability affects Windows client machines running Windows 10, version 1607 and above, due to the following GPO being enabled by default on these operating systems: &quot;<em>Network security: Allow PKU2U authentication requests to this computer to use online identities</em>&quot;.</p> <a href="https://twitter.com/guhe120">Yuki Chen</a> Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Storage VSP Driver Elevation of Privilege Vulnerability <p>Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage VSP Driver Microsoft Yes CVE-2025-47982 Improper Input Validation Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 OUYANG FEI 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows MBT Transport Driver Elevation of Privilege Vulnerability <p>Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows MBT Transport driver Microsoft Yes CVE-2025-47996 Integer Underflow (Wrap or Wraparound) Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-47998 Heap-based Buffer Overflow Integer Overflow or Wraparound 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-48000 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-48001 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Netanel Ben Simon and <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Hyper-V Information Disclosure Vulnerability <p>Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-48002 Integer Overflow or Wraparound Out-of-bounds Read 12437 12389 12390 12436 Information Disclosure 12437 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-48003 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 Netanel Ben Simon with Microsoft Offensive Research &amp; Security Engineering (MORSE) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Update Service Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the &quot;NT AUTHORITY\SYSTEM&quot; account.</p> Windows Update Service Microsoft Yes CVE-2025-48799 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12389 12390 12436 10852 10853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Important 11568 Important 11569 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 5062560 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-48800 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research &amp; Security Engineering (MORSE) Netanel Ben Simon with Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows SMB Server Spoofing Vulnerability <p>Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.</p> Windows SMB Microsoft Yes CVE-2025-48802 Improper Certificate Validation 11923 11924 12085 12086 12242 12243 12244 Spoofing 11923 Spoofing 11924 Spoofing 12085 Spoofing 12086 Spoofing 12242 Spoofing 12243 Spoofing 12244 Important 11923 Important 11924 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability <p>Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain Virtual Trust Level 1 (VTL1) privileges.</p> Windows Virtualization-Based Security (VBS) Enclave Microsoft Yes CVE-2025-48803 Missing Support for Integrity Check 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by loading a WinRE.wim file while the OS volume is unlocked, granting access to BitLocker encrypted data.</p> <p><strong>Are there any further actions I need to take to be protected from this boot manager rollback vulnerability?</strong></p> <p>Boot manager Secure Version Number/SVN has been incremented and optional Bootmgr SVN revision DBXUpdate has been included in updates released on or after July 9, 2024 security update. Refer to <a href="https://support.microsoft.com/en-us/topic/how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d">How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932</a> for guidance on how to apply these revocations to get full protection from boot manager rollback vulnerabilities.</p> Windows BitLocker Microsoft Yes CVE-2025-48804 Acceptance of Extraneous Untrusted Data With Trusted Data 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Netanel Ben Simon with Microsoft Offensive Research &amp; Security Engineering (MORSE) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft MPEG-2 Video Extension Microsoft Yes CVE-2025-48805 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability <p>Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft MPEG-2 Video Extension Microsoft Yes CVE-2025-48806 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-48808 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Arjun Vasudeva with MSRC V&M 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Secure Kernel Mode Information Disclosure Vulnerability <p>Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Windows Kernel Microsoft Yes CVE-2025-48809 Processor Optimization Removal or Modification of Security-critical Code 12437 12389 12436 Information Disclosure 12437 Information Disclosure 12389 Information Disclosure 12436 Important 12437 Important 12389 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12436 Windows Kernel Virtualization &amp; Security Team 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Secure Kernel Mode Information Disclosure Vulnerability <p>Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows Secure Kernel Mode Microsoft Yes CVE-2025-48810 Processor Optimization Removal or Modification of Security-critical Code 12437 12389 12436 Information Disclosure 12437 Information Disclosure 12389 Information Disclosure 12436 Important 12437 Important 12389 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12436 Windows Kernel, Virtualization &amp; Silicon Team 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability <p>Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain Virtual Trust Level 1 (VTL1) privileges.</p> Windows Virtualization-Based Security (VBS) Enclave Microsoft Yes CVE-2025-48811 Missing Support for Integrity Check 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Praveen with Microsoft Corp. 1.0 2025-07-08T07:00:00 <p>Information published.</p> Remote Desktop Licensing Service Security Feature Bypass Vulnerability <p>Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>What security feature is being bypassed?</strong></p> <p>An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server.</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2025-48814 Missing Authentication for Critical Function 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 5062572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Philemon Orphee Favrod with Microsoft Ray Reskusich with Microsoft Josh Watson with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Windows SSDP Service Microsoft Yes CVE-2025-48815 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> HID Class Driver Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> HID class driver Microsoft Yes CVE-2025-48816 Integer Overflow or Wraparound Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacker's server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2025-48817 Relative Path Traversal Improper Access Control 12457 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12457 Important 11568 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 Release Notes https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe 2.0.559.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Release Notes 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1263530 11849 Maybe Security Update 1.2.6353.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1263530 11849 Release Notes 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-48818 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Netanel Ben Simon with Microsoft Offensive Research &amp; Security Engineering (MORSE) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability <p>Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> Windows Universal Plug and Play (UPnP) Device Host Microsoft Yes CVE-2025-48819 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows AppX Deployment Service Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An authenticated attacker would be able to delete targeted files on a system which could result in them gaining SYSTEM privileges.</p> Windows AppX Deployment Service Microsoft Yes CVE-2025-48820 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Simon Zuckerbraun of Trend Zero Day Initiative 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability <p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> Windows Universal Plug and Play (UPnP) Device Host Microsoft Yes CVE-2025-48821 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability <p>Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into importing an INF file.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-48822 Out-of-bounds Read 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10853 10816 10855 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11931 12097 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10853 10816 10855 5062560 Axel Andrejs 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Cryptographic Services Information Disclosure Vulnerability <p>Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability</strong></p> <p>To exploit this vulnerability, an attacker would need to target an application by persisting encrypted secrets that are using specific old cryptography and Windows APIs.</p> <p><strong>What type of information could be disclosed by this vulnerability</strong></p> <p>If the attacker has both the ability to modify the encrypted secret where it is stored and to observe the precise timing for the secret being decrypted by the application, the attacker could infer the original secret across many decryption attempts.</p> Windows Cryptographic Services Microsoft Yes CVE-2025-48823 CWE CATEGORY: Cryptographic Issues 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability <p>Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows TDX.sys Microsoft Yes CVE-2025-49659 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Event Tracing Elevation of Privilege Vulnerability <p>Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Event Tracing Microsoft Yes CVE-2025-49660 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49663 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows User-Mode Driver Framework Host Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows User-Mode Driver Framework Host Microsoft Yes CVE-2025-49664 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://www.linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Workspace Broker Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Workspace Broker Microsoft Yes CVE-2025-49665 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 R4nger with CyberKunLun & Zhiniang Peng with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.</p> <p>Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.</p> Windows Kernel Microsoft Yes CVE-2025-49666 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability <p>Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - ICOMP Microsoft Yes CVE-2025-49667 Double Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Hussein Alrubaye with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49668 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49669 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49673 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p>Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Kernel Streaming WOW Thunk Service Driver Microsoft Yes CVE-2025-49675 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> NTFS Elevation of Privilege Vulnerability <p>Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTFS Microsoft Yes CVE-2025-49678 NULL Pointer Dereference Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Bruno Botelho 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Shell Elevation of Privilege Vulnerability <p>Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Shell Microsoft Yes CVE-2025-49679 Numeric Truncation Error 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 YanZiShuang@BigCJTeam of cyberkl 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Performance Recorder (WPR) Denial of Service Vulnerability <p>Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this attack requires a local attacker to create arbitrary directories. User interaction is necessary as the attacker relies on an Administrator to run wprui.exe for the first time.</p> Windows Performance Recorder Microsoft Yes CVE-2025-49680 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 <a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49681 Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Media Elevation of Privilege Vulnerability <p>Use after free in Windows Media allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability. User interaction is required because the vulnerable function is typically triggered through a diagnostic workflow, such as launching a video troubleshooting tool or initiating a certificate validation process. These actions often involve user-initiated steps like opening a UI or selecting a monitor.</p> Windows Media Microsoft Yes CVE-2025-49682 Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 <a href="https://www.linkedin.com/in/halrubaye/">Hussein Alrubaye</a> with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Virtual Hard Disk Remote Code Execution Vulnerability <p>Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>Why could an attacker achieve remote code execution on affected versions of Window Server 2008, but only cause denial of service on systems running Window Server 2008 R2 or newer versions of Windows?</strong></p> <p>In Windows 7 and newer, an existing mechanism prevents an attacker from achieving remote code execution. They could only use this vulnerability to cause denial of service.</p> Virtual Hard Disk (VHDX) Microsoft Yes CVE-2025-49683 Integer Overflow or Wraparound Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Low 11568 Low 11569 Low 11571 Low 11572 Low 11923 Low 11924 Low 11929 Low 11930 Low 11931 Low 12085 Low 12086 Low 12097 Low 12098 Low 12099 Low 12437 Low 12242 Low 12243 Low 12244 Low 12389 Low 12390 Low 12436 Low 10729 Low 10735 Low 10852 Low 10853 Low 10816 Low 10855 Important 9312 Important 10287 Important 9318 Important 9344 Low 10051 Low 10049 Low 10378 Low 10379 Low 10483 Low 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://x.com/kaligulasec">Cherie-Anne Lee (@KaligulaSec)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Storage Port Driver Information Disclosure Vulnerability <p>Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a small amount of kernel memory which could be leaked back to the attacker.</p> Storage Port Driver Microsoft Yes CVE-2025-49684 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11931 12086 12097 12099 12437 12243 12244 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11931 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11931 Important 12086 Important 12097 Important 12099 Important 12437 Important 12243 Important 12244 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11931 12097 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://www.zoemurmure.top/">zoemurmure</a> with <a href="https://qingteng.cn/">Qingteng</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Search Service Elevation of Privilege Vulnerability <p>Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Windows Search Component Microsoft Yes CVE-2025-49685 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-49693 Double Free 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 ChenJian with <a href="https://www.sea.com/security">Sea Security Orca Team</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-49695 Use After Free 11573 11574 11762 11763 11951 11952 11953 12155 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12155 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12155 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19029.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10753 10754 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10753 10754 5002742 Li Shuang and willJ with Vulnerability Research Institute 2.0 2025-07-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-49696 Out-of-bounds Read Heap-based Buffer Overflow 11573 11574 11762 11763 11951 11952 11953 12155 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12155 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12155 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19029.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10753 10754 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10753 10754 5002742 0x140ce 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Microsoft Yes CVE-2025-49697 Heap-based Buffer Overflow 11573 11574 11762 11763 11951 11952 11953 12155 12420 12421 12440 10753 10754 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12155 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10836 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12155 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Critical 10836 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19029.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10753 10754 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10753 10754 5002742 5002749 https://www.microsoft.com/en-us/download/details.aspx?id=108250 5002735 10753 10754 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002749 10753 10754 5002749 5002740 https://www.microsoft.com/en-us/download/details.aspx?id=108260 5002728 10836 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002740 10836 5002740 0x140ce 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2025-49698 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10746 Critical 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10746 10747 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10746 10747 5002742 Zhiniang Peng with HUST, devoke with HUST, wh1tc with Kunlun Lab 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-49699 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10741 10742 10746 10747 10765 10766 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10741 Remote Code Execution 10742 Remote Code Execution 10746 Remote Code Execution 10747 Remote Code Execution 10765 Remote Code Execution 10766 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10741 Important 10742 Important 10746 Important 10747 Important 10765 Important 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10765 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10766 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002746 https://www.microsoft.com/en-us/download/details.aspx?id=108254 5002689 10741 10742 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002746 10741 10742 5002746 5001941 https://www.microsoft.com/en-us/download/details.aspx?id=108249 4462117 10746 10747 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5001941 10746 10747 5001941 4464583 https://www.microsoft.com/en-us/download/details.aspx?id=108255 4464538 10746 10747 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/4464583 10746 10747 4464583 5002747 https://www.microsoft.com/en-us/download/details.aspx?id=108237 10765 10766 Maybe Security Update 16.0.5508.1002 https://support.microsoft.com/help/5002747 10765 10766 5002747 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-49700 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 10746 10747 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10746 Remote Code Execution 10747 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10746 10747 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10746 10747 5002742 5002655 https://www.microsoft.com/en-us/download/details.aspx?id=108253 5002635 10746 10747 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002655 10746 10747 5002655 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-49701 Improper Authorization 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002744 https://www.microsoft.com/en-us/download/details.aspx?id=108257 5002732 10950 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002744 10950 5002744 5002741 https://www.microsoft.com/en-us/download/details.aspx?id=108259 5002729 11585 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002741 11585 5002741 5002751 https://www.microsoft.com/en-us/download/details.aspx?id=108262 5002736 11961 Maybe Security Update 16.0.18526.20424 https://support.microsoft.com/help/5002751 11961 5002751 cjm00n with Kunlun Lab &amp; Zhiniang Peng 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-49702 Access of Resource Using Incompatible Type ('Type Confusion') 11573 11574 11762 11763 11951 11952 11953 12155 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12155 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12155 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19029.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002742 https://www.microsoft.com/en-us/download/details.aspx?id=108252 5002730 10753 10754 Maybe Security Update 16.0.5508.1001 https://support.microsoft.com/help/5002742 10753 10754 5002742 0x140ce 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-49703 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Critical 10950 Critical 11585 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10746 Critical 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002744 https://www.microsoft.com/en-us/download/details.aspx?id=108257 5002732 10950 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002744 10950 5002744 5002743 https://www.microsoft.com/en-us/download/details.aspx?id=108258 5002731 10950 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002743 10950 5002743 5002741 https://www.microsoft.com/en-us/download/details.aspx?id=108259 5002729 11585 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002741 11585 5002741 5002739 https://www.microsoft.com/en-us/download/details.aspx?id=108261 5002727 11585 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002739 11585 5002739 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002745 https://www.microsoft.com/en-us/download/details.aspx?id=108256 5002710 10746 10747 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002745 10746 10747 5002745 cdbb6164ddfda2b210fd348442322115 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-49704 Improper Control of Generation of Code ('Code Injection') 10950 11585 Remote Code Execution 10950 Remote Code Execution 11585 Critical 10950 Critical 11585 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 5002744 https://www.microsoft.com/en-us/download/details.aspx?id=108257 5002732 10950 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002744 10950 5002744 5002741 https://www.microsoft.com/en-us/download/details.aspx?id=108259 5002729 11585 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002741 11585 5002741 Viettel Cyber Security working with <a href="https://www.zerodayinitiative.com/">Trend Zero Day Initiative</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft PowerPoint Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office PowerPoint Microsoft Yes CVE-2025-49705 Heap-based Buffer Overflow 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10741 10742 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10741 Remote Code Execution 10742 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10741 Important 10742 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Release Notes 12440 Maybe Security Update 16.99.25071321 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 Release Notes 5002746 https://www.microsoft.com/en-us/download/details.aspx?id=108254 5002689 10741 10742 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002746 10741 10742 5002746 Guang Gong, Li Shuang and willJ with Vulnerability Research Institute 2.0 2025-07-15T07:00:00 <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-49706 Improper Authentication 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C 10950 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C 11585 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C 11961 5002744 https://www.microsoft.com/en-us/download/details.aspx?id=108257 5002732 10950 Maybe Security Update 16.0.5508.1000 https://support.microsoft.com/help/5002744 10950 5002744 5002741 https://www.microsoft.com/en-us/download/details.aspx?id=108259 5002729 11585 Maybe Security Update 16.0.10417.20027 https://support.microsoft.com/help/5002741 11585 5002741 5002751 https://www.microsoft.com/en-us/download/details.aspx?id=108262 5002736 11961 Maybe Security Update 16.0.18526.20424 https://support.microsoft.com/help/5002751 11961 5002751 Viettel Cyber Security with Trend Zero Day Initiative 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-21T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.2 2025-07-22T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.3 2025-07-24T07:00:00 <p>Corrected the Download and Article links in the Security Updates table. This is an informational change only.</p> 1.4 2025-07-31T07:00:00 <p>Added an FAQ to explain that the security update KB for SharePoint Server 2016 applies to both Microsoft SharePoint Server 2016 and Microsoft SharePoint Enterprise Server 2016. This is an informational change only.</p> Visual Studio Code Python Extension Remote Code Execution Vulnerability <p>Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.</p> Visual Studio Code - Python extension Microsoft Yes CVE-2025-49714 Trust Boundary Violation 11873 Remote Code Execution 11873 Important 11873 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11873 Release Notes https://marketplace.visualstudio.com/items?itemName=ms-python.python 11873 Maybe 2025.8.1 https://github.com/microsoft/vscode-python/blob/master/CHANGELOG.md 11873 Release Notes Eakasit Tangmunchittham with <a href="https://www.secure-d.tech/">Secure-D Center</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft SQL Server Information Disclosure Vulnerability <p>Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5058721</td> <td>Security update for SQL Server 2022 CU19+GDR</td> <td>16.0.4200.1</td> <td>16.0.4003.1 - 16.0.4195.2</td> <td>KB 5054531 - SQL2022 RTM CU19</td> </tr> <tr> <td>5058712</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1140.6</td> <td>16.0.1000.6 - 16.0.1135.2</td> <td>KB 5054833 - SQL2019 RTM CU32</td> </tr> <tr> <td>5058722</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4435.7</td> <td>15.0.4003.23 - 15.0.4430.1</td> <td>KB 5046365 - SQL2019 RTM CU29</td> </tr> <tr> <td>5058713</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2135.5</td> <td>15.0.2000.5 - 15.0.2130.3</td> <td>KB 5046859 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5058714</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3495.9</td> <td>14.0.3006.16 - 14.0.3490.10</td> <td>KB 5050533 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5058716</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2075.8</td> <td>14.0.1000.169 - 14.0.2070.1</td> <td>KB 5046857 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5058717</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7055.9</td> <td>13.0.7000.253 - 13.0.7050.2</td> <td>KB 5046856 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5058718</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6460.7</td> <td>13.0.6300.2 - 13.0.6455.2</td> <td>KB 5046855 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> SQL Server Microsoft Yes CVE-2025-49718 Use of Uninitialized Resource 11821 12147 16784 16785 Information Disclosure 11821 Information Disclosure 12147 Information Disclosure 16784 Information Disclosure 16785 Important 11821 Important 12147 Important 16784 Important 16785 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11821 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12147 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16784 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16785 5058713 https://www.microsoft.com/download/details.aspx?id=108274 5046859 11821 Maybe Security Update 15.0.2135.5 https://support.microsoft.com/help/5058713 11821 5058713 5058712 https://www.microsoft.com/download/details.aspx?id=108269 5046861 12147 Maybe Security Update 16.0.1140.6 https://support.microsoft.com/help/5058712 12147 5058712 5058721 https://www.microsoft.com/download/details.aspx?id=108268 5054531 16784 Maybe Security Update 16.0.4200.1 https://support.microsoft.com/help/5058721 16784 5058721 5058722 https://www.microsoft.com/download/details.aspx?id=108270 5054833 16785 Maybe 15.0.4435.7 https://support.microsoft.com/help/5058722 16785 5058722 Ravi Shetye with Microsoft 1.2 2025-08-20T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-10T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Windows Print Spooler Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Print Spooler Components Microsoft Yes CVE-2025-49722 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://www.linkedin.com/in/or-yair">Or Yair</a> with <a href="https://www.safebreach.com/">SafeBreach</a> <a href="https://www.linkedin.com/in/shahak-morag-6bb51b142/">Shahak Morag</a> with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Remote Code Execution Vulnerability <p>Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, a remote unauthenticated attacker would need to send specially crafted traffic to a system with the &quot;Nearby Sharing&quot; feature enabled and to convince a user to take specific actions.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-49724 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 <p>The following mitigating factors might be helpful in your situation:</p> <p>There is a feature in Windows 10 and 11 called Nearby Sharing. This feature is not enabled by default. To protect from this vulnerability, you should disable the Nearby Sharing feature if it is not already.</p> <p>See <a href="https://support.microsoft.com/en-us/windows/share-things-with-nearby-devices-in-windows-0efbfe40-e3e2-581b-13f4-1a0e9936c2d9">Share things with nearby devices in Windows</a> for more information.</p> <a href="https://twitter.com/lewislee53">Lewis Lee</a> <a href="https://twitter.com/ver0759">Chunyang Han</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://english.hust.edu.cn/">HUST</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Notification Elevation of Privilege Vulnerability <p>Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Windows Notification Microsoft Yes CVE-2025-49725 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-07-08T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-49727 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Marcin Wiazowski with Trend Zero Day Initiative 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49729 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Windows QoS scheduler Microsoft Yes CVE-2025-49730 Time-of-check Time-of-use (TOCTOU) Race Condition Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Fraunhofer FKIE CA&amp;D 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>The attacker would have to be an authenticated user logged on to the vulnerable system to be able to exploit this vulnerability.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-49732 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Marcin Wiazowski working with Trend Zero Day Initiative 1.0 2025-07-08T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.</p> Windows Win32K - ICOMP Microsoft Yes CVE-2025-49733 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 Mathias Vorreiter Pedersen with Microsoft Devin Jensen with Microsoft Benjamin Rodes with Microsoft George Hughey with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p> 1.1 2025-07-23T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Windows Hyper-V Denial of Service Vulnerability <p>Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-47999 Missing Synchronization 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11931 12097 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10853 10816 10855 5062560 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Teams Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Teams Microsoft Yes CVE-2025-49737 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 12216 Elevation of Privilege 12216 Important 12216 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12216 Release Notes 12216 No Security Update 25163.3001.3726.6503 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning 12216 Release Notes <a href="https://www.linkedin.com/in/omer-dahan-07404320b/">Omer Dahan</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft PC Manager Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft PC Manager Microsoft Yes CVE-2025-49738 Improper Link Resolution Before File Access ('Link Following') 12441 Elevation of Privilege 12441 Important 12441 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12441 Release Notes https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Maybe Security Update 3.17.4 https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Release Notes <a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Visual Studio Microsoft Yes CVE-2025-49739 Improper Link Resolution Before File Access ('Link Following') 11600 11935 12459 12271 12322 10577 16767 Elevation of Privilege 11600 Elevation of Privilege 11935 Elevation of Privilege 12459 Elevation of Privilege 12271 Elevation of Privilege 12322 Elevation of Privilege 10577 Elevation of Privilege 16767 Important 11600 Important 11935 Important 12459 Important 12271 Important 12322 Important 10577 Important 16767 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16767 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.75 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.49 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.23 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 5063035 https://aka.ms/vs/14/release/5063035 5045536 10577 Maybe Security Update 14.0.27564.0 https://support.microsoft.com/help/5063035 10577 5063035 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes <a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows SmartScreen Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could evade Mark of the Web (MOTW) defenses.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> Windows SmartScreen Microsoft Yes CVE-2025-49740 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 Simon Zuckerbraun of Trend Zero Day Initiative <a href="https://infosec.exchange/@wdormann">Will Dormann</a> with <a href="https://vu.ls/">Vul Labs</a> 1.0 2025-07-08T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Information Disclosure Vulnerability <p>No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.98</td> <td>4/25/2025</td> <td>135.0.7049.114/.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-49741 Privilege Chaining 11655 Information Disclosure 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No 135.0.3179.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2025-07-01T07:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p>Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-49742 Integer Overflow or Wraparound Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Marcin Wiazowski working with Trend Zero Day Initiative 1.0 2025-07-08T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker would need to gain elevated privileges enabling them to perform file operations in directories they would not normally be able to access or perform.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-49744 Heap-based Buffer Overflow Integer Underflow (Wrap or Wraparound) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 12243 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 12243 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 1.0 2025-07-08T07:00:00 <p>Information published.</p> Chromium: CVE-2025-6554 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.65</td> <td>7/01/2025</td> <td>138.0.7204.96/.97</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-6554 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.65 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-01T17:00:44 <p>Information published.</p> Chromium: CVE-2025-7657 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.95</td> <td>7/16/2025</td> <td>138.0.7204.157/.158</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-7657 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.95 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-16T16:31:06 <p>Information published.</p> Chromium: CVE-2025-6558 Incorrect validation of untrusted input in ANGLE and GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2025-6558 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.95</td> <td>7/16/2025</td> <td>138.0.7204.157/.158</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-6558 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.95 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-16T16:31:05 <p>Information published.</p> Chromium: CVE-2025-7656 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.95</td> <td>7/16/2025</td> <td>138.0.7204.157/.158</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-7656 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.95 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-16T16:31:02 <p>Information published.</p> Azure Machine Learning Elevation of Privilege Vulnerability <p>Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Machine Learning Microsoft No CVE-2025-49747 Missing Authorization 12152 Elevation of Privilege 12152 Critical 12152 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12152 Daniel Santos with Microsoft 1.0 2025-07-18T07:00:00 <p>Information published.</p> Azure Machine Learning Elevation of Privilege Vulnerability <p>Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Machine Learning Microsoft No CVE-2025-49746 Improper Authorization 12152 Elevation of Privilege 12152 Critical 12152 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12152 Daniel Santos with <a href="https://www.microsoft.com/">Microsoft</a> 1.0 2025-07-18T07:00:00 <p>Information published.</p> Azure Machine Learning Elevation of Privilege Vulnerability <p>Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Machine Learning Microsoft No CVE-2025-47995 Weak Authentication 12152 Elevation of Privilege 12152 Critical 12152 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12152 Daniel Santos with Microsoft 1.0 2025-07-18T07:00:00 <p>Information published.</p> Azure DevOps Server Elevation of Privilege Vulnerability <p>Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.</p> Azure DevOps Microsoft No CVE-2025-47158 Authentication Bypass by Assumed-Immutable Data 11998 Elevation of Privilege 11998 Critical 11998 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.0 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11998 <a href="https://www.linkedin.com/company/binarysecurity">Christian August Holm Hansen</a> with <a href="https://www.linkedin.com/company/binarysecurity">Binary Security</a> 1.0 2025-07-18T07:00:00 <p>Information published.</p> Microsoft Purview Elevation of Privilege Vulnerability <p>Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Purview Microsoft No CVE-2025-53762 Permissive List of Allowed Inputs 12352 Elevation of Privilege 12352 Critical 12352 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.7 7.6 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12352 Anonymous 1.0 2025-07-18T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p>Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.</p> <p>Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.</p> <p>Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.</p> <p><strong>7/20/2025 Update:</strong> Updates are now available for Microsoft SharePoint Server Subscription Edition and Microsoft SharePoint Server 2019.</p> <p><strong>Why are there no links to the update to protect from this vulnerability?</strong></p> <p>Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. This page will be updated when an update is available.</p> <p><strong>Is there anything else that I can do to protect from exploitation?</strong></p> <p>If enabling AMSI is not an option, you should remove access to the internet from the SharePoint server. These two options protect from unauthenticated attacks.</p> <p><strong>Does this affect Microsoft 365 SharePoint Online?</strong></p> <p>No, Microsoft 365 SharePoint Online is not vulnerable to this issue.</p> <p><strong>Is there more information about this?</strong></p> <p>Yes, please see <a href="https://aka.ms/CVE-2025-53770Blog">Customer guidance for SharePoint vulnerability CVE-2025-53770</a> for more information.</p> <p><strong>Are the two new CVEs that were released related to the two SharePoint vulnerabilities that were documented by CVE-2025-49704 and CVE-2025-49706?</strong></p> <p>Yes, the update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-53770 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Critical 10950 Critical 11585 Critical 11961 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 9.8 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C 10950 9.8 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C 11585 9.8 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C 11961 5002760 https://www.microsoft.com/en-us/download/details.aspx?id=108288 10950 Maybe Security Update 16.0.5513.1001 https://support.microsoft.com/help/5002760 10950 5002760 5002760 https://support.microsoft.com/help/5002760 10950 5002759 https://www.microsoft.com/en-us/download/details.aspx?id=108289 5002743 10950 Maybe Security Update 16.0.5513.1001 https://support.microsoft.com/help/5002759 10950 5002759 5002754 https://www.microsoft.com/en-us/download/details.aspx?id=108286 11585 Maybe Security Update 16.0.10417.20037 https://www.microsoft.com/en-us/download/details.aspx?id=108286 11585 5002754 5002754 https://www.microsoft.com/en-us/download/details.aspx?id=108286 11585 5002753 https://www.microsoft.com/en-us/download/details.aspx?id=108287 5002739 11585 Maybe Security Update 16.0.10417.20037 https://support.microsoft.com/help/5002753 11585 5002753 5002768 https://www.microsoft.com/en-us/download/details.aspx?id=108285 11961 Maybe Security Update 16.0.18526.20508 https://www.microsoft.com/en-us/download/details.aspx?id=108285 11961 5002768 5002768 https://www.microsoft.com/en-us/download/details.aspx?id=108285 11961 <p><strong>The following mitigating factors might be helpful in your situation:</strong></p> <p>Customers who have enabled the AMSI integration feature and use Microsoft Defender across their SharePoint Server farm(s) are protected from this vulnerability. For more information, see <a href="https://learn.microsoft.com/sharepoint/security-for-sharepoint-server/configure-amsi-integration">Configure AMSI integration with SharePoint Server</a>.</p> Viettel Cyber Security with Trend Zero Day Initiative <a href="https://twitter.com/_l0gg">khoadha</a> with <a href="https://viettelsecurity.com/">vcslab of Viettel Cyber Security</a> fb8a5048b1d8827e8ae96f410d40bf00cc313e3cc307da0df9e18099c9398b51 1.0 2025-07-19T07:00:00 <p>Information published.</p> 1.1 2025-07-19T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> 3.0 2025-07-20T07:00:00 <p>The security update is available for Microsoft SharePoint Server 2019. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.</p> 2.0 2025-07-20T07:00:00 <p>The security update is available for Microsoft SharePoint Server Subscription Edition. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.</p> 3.1 2025-07-21T07:00:00 <p>Added an FAQ and updated the CVSS score. This is an informational change only.</p> 3.3 2025-08-06T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Chromium: CVE-2025-8011 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.109</td> <td>7/25/2025</td> <td>138.0.7204.168/.169</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8011 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.109 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-25T17:50:09 <p>Information published.</p> Chromium: CVE-2025-8010 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.109</td> <td>7/25/2025</td> <td>138.0.7204.168/.169</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8010 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.109 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-25T17:50:05 <p>Information published.</p> Chromium: CVE-2025-8292 Use after free in Media Stream <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>138.0.3351.121</td> <td>7/31/2025</td> <td>138.0.7204.183/.184</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8292 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.121 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-07-31T18:54:11 <p>Information published.</p> Azure Monitor Agent Remote Code Execution Vulnerability <p>Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers who have disabled <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-extension-upgrade">Automatic Extension Upgrades</a> or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see <a href="https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal#update">Manage Azure Monitor Agent</a>.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation depends on the vulnerable troubleshooting script in the Azure monitoring agent on the victim’s machine being executed by the user in an on-premises environment.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A) and privilege required is none (PR:N). What is the target used in the context of the remote code execution?</strong></p> <p>An attacker within the same network subnet as the victim machine could take advantage of a vulnerability in the troubleshooting script of the Azure monitoring agent extension installed on it and perform remote code execution (RCE). By successfully exploiting this vulnerability, the attacker could run arbitrary code on the victim’s target machine.</p> Azure Monitor Agent Microsoft Yes CVE-2025-47988 Improper Control of Generation of Code ('Code Injection') 12331 Remote Code Execution 12331 Important 12331 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12331 Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#install-a-specific-version-of-the-agent 12331 No Security Update 1.35.1 https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-extension-versions 12331 Release Notes Michal Kamensky with Microsoft 1.0 2025-07-08T07:00:00 <p>Information published.</p>