June 2025 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2025-Jun
2025-Jun
Final
1.0
341
2026-05-22T01:45:06
June 2025 Security Updates
2025-06-10T00:00:00
2026-05-22T01:45:06
<h2 id="this-release-consists-of-the-following-72-microsoft-cves">This release consists of the following 72 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24065">CVE-2025-24065</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24068">CVE-2025-24068</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24069">CVE-2025-24069</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cryptographic Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29828">CVE-2025-29828</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>.NET and Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30399">CVE-2025-30399</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32710">CVE-2025-32710</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32711">CVE-2025-32711</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32712">CVE-2025-32712</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32713">CVE-2025-32713</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Installer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32714">CVE-2025-32714</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Client</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32715">CVE-2025-32715</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Media</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32716">CVE-2025-32716</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32717">CVE-2025-32717</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32718">CVE-2025-32718</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32719">CVE-2025-32719</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32720">CVE-2025-32720</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Recovery Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32721">CVE-2025-32721</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Port Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32722">CVE-2025-32722</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Local Security Authority Subsystem Service (LSASS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32724">CVE-2025-32724</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32725">CVE-2025-32725</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33050">CVE-2025-33050</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM Core Library</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33052">CVE-2025-33052</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Internet Shortcut Files</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053">CVE-2025-33053</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33055">CVE-2025-33055</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Local Security Authority Server (lsasrv)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33056">CVE-2025-33056</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Local Security Authority (LSA)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33057">CVE-2025-33057</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33058">CVE-2025-33058</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33059">CVE-2025-33059</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33060">CVE-2025-33060</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33061">CVE-2025-33061</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33062">CVE-2025-33062</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33063">CVE-2025-33063</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33064">CVE-2025-33064</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Management Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33065">CVE-2025-33065</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33066">CVE-2025-33066</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33067">CVE-2025-33067</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Standards-Based Storage Management Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33068">CVE-2025-33068</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>App Control for Business (WDAC)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33069">CVE-2025-33069</a></td>
<td>5.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Netlogon</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33070">CVE-2025-33070</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows KDC Proxy Service (KPSSVC)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33071">CVE-2025-33071</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33073">CVE-2025-33073</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Installer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33075">CVE-2025-33075</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Shell</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47160">CVE-2025-47160</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47162">CVE-2025-47162</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47163">CVE-2025-47163</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47164">CVE-2025-47164</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47165">CVE-2025-47165</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47166">CVE-2025-47166</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47167">CVE-2025-47167</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47168">CVE-2025-47168</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47169">CVE-2025-47169</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47170">CVE-2025-47170</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Outlook</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47171">CVE-2025-47171</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47172">CVE-2025-47172</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47173">CVE-2025-47173</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47174">CVE-2025-47174</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office PowerPoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47175">CVE-2025-47175</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Outlook</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47176">CVE-2025-47176</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47182">CVE-2025-47182</a></td>
<td>5.6</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47953">CVE-2025-47953</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Access Connection Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47955">CVE-2025-47955</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Security App</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47956">CVE-2025-47956</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47957">CVE-2025-47957</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47959">CVE-2025-47959</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SDK</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47962">CVE-2025-47962</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47963">CVE-2025-47963</a></td>
<td>6.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47964">CVE-2025-47964</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Power Automate</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47966">CVE-2025-47966</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft AutoUpdate (MAU)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47968">CVE-2025-47968</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Hello</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47969">CVE-2025-47969</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Nuance Digital Engagement Platform</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47977">CVE-2025-47977</a></td>
<td>8.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Dynamics 365 FastTrack Implementation Assets</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49715">CVE-2025-49715</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-10-non-microsoft-cves">We are republishing 10 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>CERT/CC</td>
<td>Windows Secure Boot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3052">CVE-2025-3052</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5068">CVE-2025-5068</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5419">CVE-2025-5419</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5958">CVE-2025-5958</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5959">CVE-2025-5959</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6191">CVE-2025-6191</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6192">CVE-2025-6192</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6555">CVE-2025-6555</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6556">CVE-2025-6556</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-6557">CVE-2025-6557</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5002683">5002683</a></td>
<td>Microsoft Office Outlook 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002735">5002735</a></td>
<td>Excel 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002736">5002736</a></td>
<td>SharePoint Server Subscription Edition</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5060533">5060533</a></td>
<td>Windows 10, version 21H2, Windows 10, version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5060842">5060842</a></td>
<td>Windows 11, version 24H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5060999">5060999</a></td>
<td>Windows 11, version 22H2, Windows 11, version 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5061026">5061026</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5061072">5061072</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office for Android
Microsoft Office LTSC for Mac 2024
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Office Online Server
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft AutoUpdate for Mac
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows App Client for Windows Desktop
Remote Desktop client for Windows Desktop
Windows Security App
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
PowerShell 7.4
PowerShell 7.5
.NET 8.0 installed on Windows
.NET 8.0 installed on Linux
.NET 8.0 installed on Mac OS
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Microsoft Visual Studio 2022 version 17.12
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.14
Windows SDK
Microsoft Edge (Chromium-based)
Power Automate for Desktop
Dynamics 365 FastTrack Implementation
Nuance Digital Engagement Platform
Microsoft 365 Copilot
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft AutoUpdate for Mac
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Server 2019
Microsoft Edge (Chromium-based)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Remote Desktop client for Windows Desktop
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Microsoft Office for Android
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
PowerShell 7.4
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Azure Linux 3.0 x64
Azure Linux 3.0 ARM
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Power Automate for Desktop
.NET 8.0 installed on Windows
.NET 8.0 installed on Linux
.NET 8.0 installed on Mac OS
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Windows App Client for Windows Desktop
Microsoft Visual Studio 2022 version 17.12
Windows SDK
Microsoft 365 Copilot
Windows Security App
Microsoft Visual Studio 2022 version 17.14
Nuance Digital Engagement Platform
Dynamics 365 FastTrack Implementation
PowerShell 7.5
azl3 kernel 6.6.96.1-1 on Azure Linux 3.0
cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0
cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0
cbl2 clamav 1.0.7-1 on CBL Mariner 2.0
cbl2 python-urllib3 1.26.19-1 on CBL Mariner 2.0
cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0
azl3 mysql 8.0.41-1 on Azure Linux 3.0
azl3 python3 3.12.9-1 on Azure Linux 3.0
azl3 grpc 1.62.3-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 python-urllib3 2.0.7-1 on Azure Linux 3.0
azl3 hdf5 1.14.4.3-1 on Azure Linux 3.0
azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
cbl2 tcl 8.6.13-3 on CBL Mariner 2.0
azl3 tcl 8.6.13-3 on Azure Linux 3.0
cbl2 libssh 0.10.6-1 on CBL Mariner 2.0
azl3 libssh 0.10.6-1 on Azure Linux 3.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
cbl2 golang 1.22.7-3 on CBL Mariner 2.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
azl3 gdk-pixbuf2 2.42.10-2 on Azure Linux 3.0
azl3 tidy 5.8.0-6 on Azure Linux 3.0
azl3 libarchive 3.7.7-2 on Azure Linux 3.0
azl3 pytorch 2.2.2-7 on Azure Linux 3.0
azl3 rabbitmq-server 3.13.7-2 on Azure Linux 3.0
azl3 cloud-init 24.3.1-2 on Azure Linux 3.0
azl3 kernel 6.6.92.2-1 on Azure Linux 3.0
azl3 python-requests 2.31.0-3 on Azure Linux 3.0
cm2 cloud-init 23.3-7 on CBL Mariner 2.0
cbl2 python3 3.9.19-14 on CBL Mariner 2.0
cbl2 python3 3.9.19-14 on CBL Mariner 2.0
cm2 python-requests 2.27.1-8 on CBL Mariner 2.0
cm2 reaper 3.1.1-19 on CBL Mariner 2.0
cbl2 clamav 1.0.9-1 on CBL Mariner 2.0
cm2 msft-golang 1.24.1-3 on CBL Mariner 2.0
cm2 sudo 1.9.17-1 on CBL Mariner 2.0
cm2 protobuf 3.17.3-4 on CBL Mariner 2.0
cm2 nbdkit 1.35.3-4 on CBL Mariner 2.0
cm2 coredns 1.11.1-19 on CBL Mariner 2.0
cm2 libxml2 2.10.4-8 on CBL Mariner 2.0
cbl2 ceph 16.2.10-8 on CBL Mariner 2.0
cbl2 libssh 0.10.6-2 on CBL Mariner 2.0
cbl2 pam 1.5.1-8 on CBL Mariner 2.0
cm2 gdk-pixbuf2 2.40.0-7 on CBL Mariner 2.0
azl3 clamav 1.0.9-1 on Azure Linux 3.0
azl3 valkey 8.0.3-3 on Azure Linux 3.0
azl3 sudo 1.9.17-1 on Azure Linux 3.0
azl3 python3 3.12.9-2 on Azure Linux 3.0
azl3 protobuf 25.3-5 on Azure Linux 3.0
azl3 golang 1.23.10-1 on Azure Linux 3.0
azl3 nbdkit 1.35.3-7 on Azure Linux 3.0
azl3 coredns 1.11.4-7 on Azure Linux 3.0
azl3 jq 1.7.1-4 on Azure Linux 3.0
azl3 libtpms 0.9.6-8 on Azure Linux 3.0
azl3 xorg-x11-server-Xwayland 24.1.6-2 on Azure Linux 3.0
azl3 libxml2 2.11.5-6 on Azure Linux 3.0
azl3 python-urllib3 2.0.7-2 on Azure Linux 3.0
azl3 ceph 18.2.2-9 on Azure Linux 3.0
azl3 libssh 0.10.6-2 on Azure Linux 3.0
azl3 qtbase 6.6.3-4 on Azure Linux 3.0
azl3 pam 1.5.3-5 on Azure Linux 3.0
azl3 python3 3.12.9-3 on Azure Linux 3.0
azl3 doxygen 1.9.8-2 on Azure Linux 3.0
azl3 gdk-pixbuf2 2.42.10-3 on Azure Linux 3.0
azl3 ceph 18.2.2-8 on Azure Linux 3.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 golang 1.23.9-1 on Azure Linux 3.0
cbl2 python3 3.9.19-13 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
cbl2 kata-containers 3.2.0.azl2-6 on CBL Mariner 2.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 libarchive 3.6.1-6 on CBL Mariner 2.0
azl3 kata-containers 3.15.0.aks0-1 on Azure Linux 3.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0
cbl2 golang 1.22.7-3 on CBL Mariner 2.0
cbl2 gdk-pixbuf2 2.40.0-6 on CBL Mariner 2.0
cbl2 golang 1.18.8-8 on CBL Mariner 2.0
cbl2 golang 1.18.8-7 on CBL Mariner 2.0
cbl2 ceph 16.2.10-7 on CBL Mariner 2.0
cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0
azl3 ncurses 6.4-2 on Azure Linux 3.0
azl3 kernel 6.6.92.2-2 on Azure Linux 3.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
cbl2 pam 1.5.1-7 on CBL Mariner 2.0
cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0
azl3 clamav 1.0.7-2 on Azure Linux 3.0
cbl2 clamav 1.0.7-1 on CBL Mariner 2.0
cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0
cbl2 keras 2.11.0-3 on CBL Mariner 2.0
azl3 python-pip 24.2-3 on Azure Linux 3.0
cbl2 cmake 3.21.4-18 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-8 on CBL Mariner 2.0
azl3 cmake 3.30.3-8 on Azure Linux 3.0
cbl2 golang 1.22.7-4 on CBL Mariner 2.0
cbl2 reaper 3.1.1-19 on CBL Mariner 2.0
cbl2 kata-containers-cc 3.2.0.azl2-7 on CBL Mariner 2.0
azl3 kubernetes 1.30.10-9 on Azure Linux 3.0
cbl2 tidy 5.8.0-6 on CBL Mariner 2.0
cbl2 coredns 1.11.1-19 on CBL Mariner 2.0
azl3 golang 1.24.5-1 on Azure Linux 3.0
azl3 golang 1.23.11-1 on Azure Linux 3.0
azl3 cloud-init 24.3.1-1 on Azure Linux 3.0
cbl2 cloud-init 23.3-6 on CBL Mariner 2.0
cbl2 libssh 0.10.6-1 on CBL Mariner 2.0
azl3 golang 1.24.6-1 on Azure Linux 3.0
cbl2 qt5-qtbase 5.12.11-18 on CBL Mariner 2.0
azl3 ruby 3.3.5-4 on Azure Linux 3.0
cbl2 msft-golang 1.24.1-3 on CBL Mariner 2.0
azl3 rubygem-webrick 1.8.1-2 on Azure Linux 3.0
cbl2 ruby 3.1.7-1 on CBL Mariner 2.0
cbl2 rubygem-webrick 1.7.0-2 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-8 on CBL Mariner 2.0
cbl2 python-requests 2.27.1-8 on CBL Mariner 2.0
azl3 kata-containers-cc 3.15.0.aks0-4 on Azure Linux 3.0
cbl2 sudo 1.9.17-1 on CBL Mariner 2.0
cbl2 nbdkit 1.35.3-4 on CBL Mariner 2.0
azl3 glib 2.78.6-3 on Azure Linux 3.0
cbl2 python3 3.9.19-14 on CBL Mariner 2.0
cbl2 erlang 25.3.2.21-2 on CBL Mariner 2.0
azl3 erlang 26.2.5.13-1 on Azure Linux 3.0
cbl2 protobuf 3.17.3-4 on CBL Mariner 2.0
cbl2 tcl 8.6.13-3 on CBL Mariner 2.0
cbl2 python-urllib3 1.26.19-1 on CBL Mariner 2.0
cbl2 xorg-x11-server 1.20.10-16 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-9 on CBL Mariner 2.0
cbl2 golang 1.22.7-5 on CBL Mariner 2.0
cbl2 libarchive 3.6.1-7 on CBL Mariner 2.0
cbl2 python-urllib3 1.26.19-2 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-2 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0
azl3 libarchive 3.7.7-3 on Azure Linux 3.0
cbl2 python3 3.9.19-15 on CBL Mariner 2.0
cbl2 cmake 3.21.4-19 on CBL Mariner 2.0
cbl2 python-virtualenv 20.26.6-2 on CBL Mariner 2.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 python-pip 24.2-4 on Azure Linux 3.0
azl3 erlang 26.2.5.15-1 on Azure Linux 3.0
cbl2 python3 3.9.19-16 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-9 on CBL Mariner 2.0
cbl2 jq 1.6-5 on CBL Mariner 2.0
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
azl3 python-pip 24.2-5 on Azure Linux 3.0
azl3 libxml2 2.11.5-7 on Azure Linux 3.0
azl3 rabbitmq-server 3.13.7-3 on Azure Linux 3.0
cbl2 python3 3.9.19-17 on CBL Mariner 2.0
cbl2 cmake 3.21.4-20 on CBL Mariner 2.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 wayland 1.22.0-1 on Azure Linux 3.0
azl3 hdf5 1.14.6-1 on Azure Linux 3.0
cbl2 hdf5 1.14.6-1 on CBL Mariner 2.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
cbl2 python3 3.9.19-18 on CBL Mariner 2.0
cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0
cbl2 python3 3.9.19-19 on CBL Mariner 2.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-7 on Azure Linux 3.0
azl3 erlang 26.2.5.17-1 on Azure Linux 3.0
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 erlang 26.2.5.18-1 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-8 on Azure Linux 3.0
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-9 on Azure Linux 3.0
azl3 erlang 26.2.5.20-1 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Bypass extraction filter to modify file metadata outside extraction directory
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2024-12718
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
17604-17084
17667-17084
19533-16823
19681-17086
17604-17084
17667-17084
19533-16823
19681-17086
Moderate
17604-17084
Moderate
17667-17084
Moderate
19533-16823
Moderate
19681-17086
4.3
4.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
17604-17084
4.3
4.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19533-16823
4.3
4.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U
19681-17086
CBL-Mariner Releases
17604-17084
No
Security Update
3.12.9-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17604-17084
CBL-Mariner Releases
CBL-Mariner Releases
17667-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17667-17084
CBL-Mariner Releases
CBL-Mariner Releases
19533-16823
19681-17086
No
Security Update
3.9.19-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19533-16823
19681-17086
CBL-Mariner Releases
2.0
2025-07-18T00:00:00
<p>Added python3 to CBL-Mariner 2.0
Added python3 to Azure Linux 3.0</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:40:37
<p>Information published.</p>
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
canonical
Yes
CVE-2024-6174
Improper Authentication
19532-16823
19524-17084
20155-17084
20157-17086
19532-16823
19524-17084
20155-17084
20157-17086
Moderate
19532-16823
Moderate
19524-17084
Moderate
20155-17084
Moderate
20157-17086
8.8
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19532-16823
8.8
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19524-17084
7.4
6.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20155-17084
7.4
6.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20157-17086
CBL-Mariner Releases
19532-16823
20157-17086
No
Security Update
23.3-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19532-16823
20157-17086
CBL-Mariner Releases
CBL-Mariner Releases
19524-17084
20155-17084
No
Security Update
24.3.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19524-17084
20155-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-07-15T00:00:00
<p>Added cloud-init to Azure Linux 3.0
Added cloud-init to CBL-Mariner 2.0</p>
2.1
2026-02-18T01:07:26
<p>Information published.</p>
ClamAV PDF Scanning Buffer Overflow Vulnerability
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
cisco
Yes
CVE-2025-20260
Heap-based Buffer Overflow
19546-16823
19590-17084
19975-17084
19979-17086
17240-17086
19546-16823
19590-17084
19975-17084
19979-17086
17240-17086
Critical
19546-16823
Critical
19590-17084
Critical
19975-17084
19979-17086
Critical
17240-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19546-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19590-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19975-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19979-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17240-17086
CBL-Mariner Releases
19546-16823
19590-17084
19975-17084
19979-17086
17240-17086
No
Security Update
1.0.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19546-16823
19590-17084
19975-17084
19979-17086
17240-17086
CBL-Mariner Releases
2.0
2026-02-18T02:28:55
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38000
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:35:05
<p>Information published.</p>
btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38034
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T14:56:48
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
nvmet-tcp: don't restore null sk_state_change
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38035
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:44:20
<p>Information published.</p>
firmware: arm_ffa: Set dma_mask for ffa devices
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38043
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
6.5
5.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:U/RC:U
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T14:52:30
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
media: cx231xx: set device_caps for 417
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38044
19880-17084
19880-17084
Low
19880-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:42:36
<p>Information published.</p>
smb: client: Fix use-after-free in cifs_fill_dirent
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38051
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:02:09
<p>Information published.</p>
genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38062
17085-17084
19880-17084
17087-17086
20925-17086
21093-17086
17085-17084
19880-17084
17087-17086
20925-17086
21093-17086
Important
17085-17084
Important
19880-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
2.0
2025-12-20T01:01:39
<p>Information published.</p>
2.1
2026-02-18T02:01:09
<p>Information published.</p>
3.0
2026-03-03T14:45:16
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
4.0
2026-03-31T14:55:51
<p>Information published.</p>
dm: fix unconditional IO throttle caused by REQ_PREFLUSH
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38063
19880-17084
17087-17086
20925-17086
21093-17086
19880-17084
17087-17086
20925-17086
21093-17086
Important
19880-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
2.0
2025-12-19T01:01:25
<p>Information published.</p>
2.1
2026-02-18T01:50:56
<p>Information published.</p>
3.0
2026-03-03T14:43:49
<p>Information published.</p>
4.0
2026-03-31T14:53:31
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
dm cache: prevent BUG_ON by blocking retries on failed device resumes
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38066
Reachable Assertion
19880-17084
19880-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:53:27
<p>Information published.</p>
x86/mm: Check return value from memblock_phys_alloc_range()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38071
17085-17084
19880-17084
20925-17086
21093-17086
17087-17086
17085-17084
19880-17084
20925-17086
21093-17086
17087-17086
Moderate
17085-17084
Moderate
19880-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
3.0
2026-03-03T14:44:06
<p>Information published.</p>
4.0
2026-03-31T14:53:53
<p>Information published.</p>
2.0
2025-12-19T01:01:35
<p>Information published.</p>
2.1
2026-02-18T14:47:16
<p>Information published.</p>
scsi: target: iscsi: Fix timeout on deleted connection
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38075
NULL Pointer Dereference
19880-17084
19880-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:55:55
<p>Information published.</p>
ALSA: pcm: Fix race of buffer access at PCM OSS layer
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38078
19880-17084
19880-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:53:26
<p>Information published.</p>
crypto: algif_hash - fix double free in hash_accept
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38079
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:51:19
<p>Information published.</p>
mm/hugetlb: unshare page tables during VMA split, not before
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38084
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:12:59
<p>Information published.</p>
sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38089
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:17:29
<p>Information published.</p>
drivers/rapidio/rio_cm.c: prevent possible heap overwrite
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38090
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:18:14
<p>Information published.</p>
Unbounded recursion in Python Protobuf
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2025-4565
Uncontrolled Recursion
19556-16823
19602-17084
20026-17086
17664-17084
19712-17086
17539-17084
19949-17086
19668-17086
19407-17084
17667-17084
19889-17086
20332-17086
19693-17084
17868-17086
19556-16823
19602-17084
20026-17086
17664-17084
19712-17086
17539-17084
19949-17086
19668-17086
19407-17084
17667-17084
19889-17086
20332-17086
19693-17084
17868-17086
Important
19556-16823
Important
19602-17084
Important
20026-17086
Important
17664-17084
Important
19712-17086
Important
17539-17084
Important
19949-17086
Important
19668-17086
Important
19407-17084
Important
17667-17084
19889-17086
Important
20332-17086
Important
19693-17084
Important
17868-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19556-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19602-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20026-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17664-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19712-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17539-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19949-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19668-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19407-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19889-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20332-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19693-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17868-17086
CBL-Mariner Releases
19556-16823
20332-17086
No
Security Update
3.17.3-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19556-16823
20332-17086
CBL-Mariner Releases
CBL-Mariner Releases
19602-17084
No
Security Update
25.3-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19602-17084
CBL-Mariner Releases
CBL-Mariner Releases
20026-17086
17664-17084
19712-17086
17539-17084
19949-17086
19668-17086
19407-17084
17667-17084
19889-17086
19693-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20026-17086
17664-17084
19712-17086
17539-17084
19949-17086
19668-17086
19407-17084
17667-17084
19889-17086
19693-17084
CBL-Mariner Releases
2.0
2025-07-29T00:00:00
<p>Added protobuf to CBL-Mariner 2.0
Added protobuf to Azure Linux 3.0</p>
3.0
2026-02-18T02:13:49
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.1
2025-08-07T00:00:00
<p>Added protobuf to CBL-Mariner 2.0
Added protobuf to Azure Linux 3.0</p>
2.2
2025-08-14T00:00:00
<p>Added protobuf to CBL-Mariner 2.0
Added protobuf to Azure Linux 3.0</p>
Absolute path traversal in zip:unzip/1,2
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
EEF
Yes
CVE-2025-4748
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
20323-17086
20325-17084
20575-17084
20976-17084
21095-17084
21268-17084
20323-17086
20325-17084
20575-17084
20976-17084
21095-17084
21268-17084
Moderate
20323-17086
Moderate
20325-17084
Moderate
20575-17084
Moderate
20976-17084
Moderate
21095-17084
Moderate
21268-17084
CBL-Mariner Releases
20323-17086
No
Security Update
25.3.2.21-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20323-17086
CBL-Mariner Releases
CBL-Mariner Releases
20325-17084
20575-17084
20976-17084
21095-17084
21268-17084
No
Security Update
26.2.5.13-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20325-17084
20575-17084
20976-17084
21095-17084
21268-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:04:59
<p>Information published.</p>
2.0
2026-03-04T14:45:57
<p>Information published.</p>
4.0
2026-04-29T14:57:19
<p>Information published.</p>
3.0
2026-03-31T14:36:44
<p>Information published.</p>
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-47950
Allocation of Resources Without Limits or Throttling
19564-16823
19611-17084
20137-17086
19564-16823
19611-17084
20137-17086
Important
19564-16823
Important
19611-17084
Important
20137-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19564-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19611-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20137-17086
CBL-Mariner Releases
19564-16823
20137-17086
No
Security Update
1.11.1-19
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19564-16823
20137-17086
CBL-Mariner Releases
CBL-Mariner Releases
19611-17084
No
Security Update
1.11.4-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19611-17084
CBL-Mariner Releases
1.1
2026-02-18T14:34:20
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-49133
Out-of-bounds Read
19614-17084
19614-17084
Moderate
19614-17084
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
19614-17084
CBL-Mariner Releases
19614-17084
No
Security Update
0.9.6-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19614-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49178
Improper Locking
19615-17084
20351-17086
20749-17084
19615-17084
20351-17086
20749-17084
Moderate
19615-17084
Moderate
20351-17086
Moderate
20749-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19615-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20351-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20749-17084
CBL-Mariner Releases
19615-17084
No
Security Update
24.1.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19615-17084
CBL-Mariner Releases
CBL-Mariner Releases
20351-17086
No
Security Update
1.20.10-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20351-17086
CBL-Mariner Releases
3.1
2026-02-18T02:32:18
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
2.0
2025-12-12T01:03:08
<p>Information published.</p>
3.0
2025-12-16T01:36:53
<p>Information published.</p>
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-50181
URL Redirection to Untrusted Site ('Open Redirect')
19620-17084
19849-17086
17667-17084
20389-17086
20530-17086
20561-17084
20617-17084
20346-17086
19681-17086
20043-17084
17604-17084
17171-17086
19620-17084
19849-17086
17667-17084
20389-17086
20530-17086
20561-17084
20617-17084
20346-17086
19681-17086
19681-17086
20043-17084
17604-17084
17171-17086
Moderate
19620-17084
19849-17086
Moderate
17667-17084
Moderate
20389-17086
Moderate
20530-17086
Moderate
20561-17084
Moderate
20617-17084
20346-17086
Moderate
19681-17086
19681-17086
Moderate
20043-17084
Moderate
17604-17084
Moderate
17171-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19620-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19849-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20389-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20530-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20561-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20617-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20346-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19681-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19681-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20043-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17604-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17171-17086
CBL-Mariner Releases
19620-17084
No
Security Update
2.0.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19620-17084
CBL-Mariner Releases
CBL-Mariner Releases
19849-17086
20530-17086
17171-17086
No
Security Update
20.26.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19849-17086
20530-17086
17171-17086
CBL-Mariner Releases
CBL-Mariner Releases
20389-17086
20346-17086
No
Security Update
1.26.19-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20389-17086
20346-17086
CBL-Mariner Releases
CBL-Mariner Releases
20561-17084
20043-17084
No
Security Update
24.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20561-17084
20043-17084
CBL-Mariner Releases
CBL-Mariner Releases
20617-17084
No
Security Update
24.2-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20617-17084
CBL-Mariner Releases
CBL-Mariner Releases
17604-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17604-17084
CBL-Mariner Releases
1.0
2025-07-18T00:00:00
<p>Information published.</p>
2.0
2025-08-07T00:00:00
<p>Added python-urllib3 to Azure Linux 3.0
Added python3 to CBL-Mariner 2.0</p>
2.1
2026-02-18T02:26:12
<p>Information published.</p>
CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-52555
Improper Privilege Management
19622-17084
19666-17084
19622-17084
19666-17084
Moderate
19622-17084
Moderate
19666-17084
6.5
6.5
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
19622-17084
6.5
5.7
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
19666-17084
CBL-Mariner Releases
19622-17084
19666-17084
No
Security Update
18.2.2-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19622-17084
19666-17084
CBL-Mariner Releases
1.0
2025-09-03T22:54:54
<p>Information published.</p>
1.1
2026-02-18T01:14:55
<p>Information published.</p>
Libssh: out-of-bounds read in sftp_handle()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5318
Out-of-bounds Read
19574-16823
19623-17084
18214-17084
20179-17086
18208-17086
19574-16823
19623-17084
18214-17084
20179-17086
18208-17086
Moderate
19574-16823
Moderate
19623-17084
Moderate
18214-17084
20179-17086
Moderate
18208-17086
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
19574-16823
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
19623-17084
5.4
5.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U
18214-17084
5.4
5.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U
20179-17086
5.4
5.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U
18208-17086
CBL-Mariner Releases
19574-16823
19623-17084
18214-17084
20179-17086
18208-17086
No
Security Update
0.10.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19574-16823
19623-17084
18214-17084
20179-17086
18208-17086
CBL-Mariner Releases
1.0
2025-07-17T00:00:00
<p>Information published.</p>
2.0
2025-07-18T00:00:00
<p>Added libssh to CBL-Mariner 2.0
Added libssh to Azure Linux 3.0</p>
3.0
2026-02-18T01:09:36
<p>Information published.</p>
Linux-pam: linux-pam directory traversal
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-6020
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19580-16823
19627-17084
19916-17086
19580-16823
19627-17084
19916-17086
Important
19580-16823
Important
19627-17084
Important
19916-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19580-16823
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19627-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19916-17086
CBL-Mariner Releases
19580-16823
19916-17086
No
Security Update
1.5.1-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19580-16823
19916-17086
CBL-Mariner Releases
CBL-Mariner Releases
19627-17084
No
Security Update
1.5.3-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19627-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-07-16T00:00:00
<p>Added pam to CBL-Mariner 2.0
Added pam to Azure Linux 3.0</p>
2.1
2026-02-18T02:21:07
<p>Information published.</p>
Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-6199
Exposure of Sensitive Information to an Unauthorized Actor
19581-16823
19630-17084
18843-17084
19751-17086
19581-16823
19630-17084
18843-17084
19751-17086
Low
19581-16823
Low
19630-17084
Low
18843-17084
Low
19751-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
19581-16823
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
19630-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
18843-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
19751-17086
CBL-Mariner Releases
19581-16823
19751-17086
No
Security Update
2.40.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19581-16823
19751-17086
CBL-Mariner Releases
CBL-Mariner Releases
19630-17084
18843-17084
No
Security Update
2.42.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19630-17084
18843-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-07-15T00:00:00
<p>Added gdk-pixbuf2 to Azure Linux 3.0
Added gdk-pixbuf2 to CBL-Mariner 2.0</p>
2.1
2026-02-18T02:06:59
<p>Information published.</p>
Libxml2: stack buffer overflow in xmllint interactive shell command handling
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-6170
Stack-based Buffer Overflow
19569-16823
19618-17084
20212-17086
19569-16823
19618-17084
20212-17086
Low
19569-16823
Low
19618-17084
Low
20212-17086
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19569-16823
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19618-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20212-17086
CBL-Mariner Releases
19569-16823
20212-17086
No
Security Update
2.10.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19569-16823
20212-17086
CBL-Mariner Releases
CBL-Mariner Releases
19618-17084
No
Security Update
2.11.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19618-17084
CBL-Mariner Releases
1.0
2025-07-29T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:25:08
<p>Information published.</p>
HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6269
Heap-based Buffer Overflow
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
Moderate
17741-17084
19980-17086
Moderate
17336-17086
Moderate
20762-17086
Moderate
20755-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
17741-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
19980-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
17336-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
20762-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-03T21:52:17
<p>Information published.</p>
3.0
2025-12-20T01:37:00
<p>Information published.</p>
5.0
2026-01-08T14:39:09
<p>Information published.</p>
2.0
2025-12-16T01:36:35
<p>Information published.</p>
4.0
2026-01-02T14:37:44
<p>Information published.</p>
Nodes can bypass dynamic resource allocation authorization checks
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
kubernetes
Yes
CVE-2025-4563
Improper Input Validation
20133-17084
20133-17084
Low
20133-17084
2.7
2.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U
20133-17084
CBL-Mariner Releases
20133-17084
No
Security Update
1.30.10-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20133-17084
CBL-Mariner Releases
1.0
2025-09-03T22:06:56
<p>Information published.</p>
1.1
2026-02-18T01:04:47
<p>Information published.</p>
HTACG tidy-html5 alloc.c defaultAlloc memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6498
Missing Release of Memory after Effective Lifetime
20136-17086
19087-17084
20136-17086
19087-17084
Low
20136-17086
Low
19087-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
20136-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
19087-17084
1.0
2025-09-03T22:10:38
<p>Information published.</p>
HTACG tidy-html5 parser.c prvTidyParseNamespace assertion
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6497
Reachable Assertion
20136-17086
19087-17084
20136-17086
19087-17084
Low
20136-17086
Low
19087-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
20136-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
19087-17084
1.0
2025-09-03T22:14:40
<p>Information published.</p>
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-0913
Improper Link Resolution Before File Access ('Link Following')
19785-17086
19747-17086
19697-17084
19693-17084
19730-17086
19712-17086
19668-17086
19679-17084
17667-17084
18444-17086
19785-17086
19747-17086
19697-17084
19693-17084
19730-17086
19712-17086
19668-17086
19679-17084
17667-17084
18444-17086
Moderate
19785-17086
19747-17086
Moderate
19697-17084
Moderate
19693-17084
Moderate
19730-17086
Moderate
19712-17086
Moderate
19668-17086
Moderate
19679-17084
Moderate
17667-17084
Moderate
18444-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19785-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19747-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19697-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19693-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19730-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19712-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19668-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19679-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
17667-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
18444-17086
2.0
2026-02-18T14:37:28
<p>Information published.</p>
1.0
2025-09-03T22:32:05
<p>Information published.</p>
Podman: podman missing tls verification
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-6032
Improper Certificate Validation
17793-17084
17793-17084
Important
17793-17084
8.3
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
17793-17084
1.0
2025-09-03T22:57:29
<p>Information published.</p>
1.1
2026-02-18T01:15:34
<p>Information published.</p>
HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6858
NULL Pointer Dereference
17741-17084
17336-17086
19980-17086
20762-17086
20755-17084
17741-17084
17336-17086
19980-17086
20762-17086
20755-17084
Moderate
17741-17084
Moderate
17336-17086
19980-17086
Moderate
20762-17086
Moderate
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-03T23:14:28
<p>Information published.</p>
2.0
2025-12-16T01:36:43
<p>Information published.</p>
3.0
2025-12-20T01:37:09
<p>Information published.</p>
4.0
2026-01-02T14:37:49
<p>Information published.</p>
5.0
2026-01-08T14:39:31
<p>Information published.</p>
Libarchive: reading past eof may be triggered for piped file streams
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5918
Out-of-bounds Read
20119-17084
19277-17084
19704-17086
20388-17086
20422-17084
20529-17086
20047-17086
20692-17086
20119-17084
19277-17084
19704-17086
20388-17086
20422-17084
20529-17086
20047-17086
20692-17086
Low
20119-17084
19277-17084
19704-17086
Low
20388-17086
Low
20422-17084
Low
20529-17086
Low
20047-17086
Low
20692-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20119-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19277-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19704-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20388-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20422-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20529-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20047-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20692-17086
CBL-Mariner Releases
20119-17084
No
Security Update
3.30.3-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20119-17084
CBL-Mariner Releases
CBL-Mariner Releases
19277-17084
20422-17084
No
Security Update
3.7.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
20422-17084
CBL-Mariner Releases
CBL-Mariner Releases
19704-17086
20388-17086
No
Security Update
3.6.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19704-17086
20388-17086
CBL-Mariner Releases
CBL-Mariner Releases
20529-17086
20692-17086
No
Security Update
3.21.4-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20529-17086
20692-17086
CBL-Mariner Releases
1.0
2025-09-03T23:17:35
<p>Information published.</p>
2.0
2025-12-06T14:36:36
<p>Information published.</p>
2.1
2026-02-18T14:43:28
<p>Information published.</p>
Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5917
Out-of-bounds Write
20119-17084
19277-17084
20047-17086
19704-17086
20422-17084
20529-17086
20692-17086
20388-17086
20119-17084
19277-17084
20047-17086
19704-17086
20422-17084
20529-17086
20692-17086
20388-17086
Low
20119-17084
19277-17084
Low
20047-17086
19704-17086
Low
20422-17084
Low
20529-17086
Low
20692-17086
Low
20388-17086
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
20119-17084
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
19277-17084
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
20047-17086
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
19704-17086
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
20422-17084
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
20529-17086
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
20692-17086
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
20388-17086
CBL-Mariner Releases
20119-17084
No
Security Update
3.30.3-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20119-17084
CBL-Mariner Releases
CBL-Mariner Releases
19277-17084
20422-17084
No
Security Update
3.7.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
20422-17084
CBL-Mariner Releases
CBL-Mariner Releases
19704-17086
20388-17086
No
Security Update
3.6.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19704-17086
20388-17086
CBL-Mariner Releases
CBL-Mariner Releases
20529-17086
20692-17086
No
Security Update
3.21.4-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20529-17086
20692-17086
CBL-Mariner Releases
1.0
2025-09-03T23:25:48
<p>Information published.</p>
2.0
2025-12-06T14:36:30
<p>Information published.</p>
2.1
2026-02-18T14:44:45
<p>Information published.</p>
HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6816
Heap-based Buffer Overflow
19980-17086
17741-17084
20755-17084
17336-17086
20762-17086
19980-17086
17741-17084
20755-17084
17336-17086
20762-17086
19980-17086
Moderate
17741-17084
Moderate
20755-17084
Moderate
17336-17086
Moderate
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
CBL-Mariner Releases
17741-17084
20755-17084
17336-17086
20762-17086
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
20755-17084
17336-17086
20762-17086
CBL-Mariner Releases
1.0
2025-09-03T23:25:02
<p>Information published.</p>
2.0
2025-12-16T01:37:04
<p>Information published.</p>
3.0
2025-12-20T01:37:26
<p>Information published.</p>
5.0
2026-01-08T14:40:04
<p>Information published.</p>
4.0
2026-01-02T14:38:00
<p>Information published.</p>
HDF5 H5Centry.c H5C__load_entry resource consumption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6817
Uncontrolled Resource Consumption
19980-17086
17741-17084
17336-17086
19980-17086
17741-17084
17336-17086
19980-17086
Moderate
17741-17084
Moderate
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
1.0
2025-09-03T23:30:01
<p>Information published.</p>
Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5916
Integer Overflow or Wraparound
20119-17084
19277-17084
19704-17086
20422-17084
20529-17086
20047-17086
20388-17086
20692-17086
20119-17084
19277-17084
19704-17086
20422-17084
20529-17086
20047-17086
20388-17086
20692-17086
Low
20119-17084
19277-17084
19704-17086
Low
20422-17084
Low
20529-17086
Low
20047-17086
Low
20388-17086
Low
20692-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20119-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19277-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19704-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20422-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20529-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20047-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20388-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20692-17086
CBL-Mariner Releases
20119-17084
No
Security Update
3.30.3-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20119-17084
CBL-Mariner Releases
CBL-Mariner Releases
19277-17084
20422-17084
No
Security Update
3.7.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
20422-17084
CBL-Mariner Releases
CBL-Mariner Releases
19704-17086
20388-17086
No
Security Update
3.6.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19704-17086
20388-17086
CBL-Mariner Releases
CBL-Mariner Releases
20529-17086
20692-17086
No
Security Update
3.21.4-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20529-17086
20692-17086
CBL-Mariner Releases
2.1
2026-02-18T14:46:01
<p>Information published.</p>
1.0
2025-09-03T23:34:22
<p>Information published.</p>
2.0
2025-12-06T14:36:42
<p>Information published.</p>
HDF5 H5FL.c H5FL__reg_gc_list use after free
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6856
Use After Free
19980-17086
17336-17086
17741-17084
19980-17086
17336-17086
17741-17084
19980-17086
Moderate
17336-17086
Moderate
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
CBL-Mariner Releases
17741-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
CBL-Mariner Releases
1.0
2025-09-03T23:34:37
<p>Information published.</p>
2.0
2025-12-16T01:37:20
<p>Information published.</p>
HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6750
Heap-based Buffer Overflow
19980-17086
17741-17084
17336-17086
20762-17086
20755-17084
19980-17086
17741-17084
17336-17086
20762-17086
20755-17084
19980-17086
Moderate
17741-17084
Moderate
17336-17086
Moderate
20762-17086
Moderate
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
2.0
2025-12-16T01:37:13
<p>Information published.</p>
3.0
2025-12-20T01:37:35
<p>Information published.</p>
5.0
2026-01-08T14:40:16
<p>Information published.</p>
1.0
2025-09-03T23:39:00
<p>Information published.</p>
4.0
2026-01-02T14:38:06
<p>Information published.</p>
HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6857
Stack-based Buffer Overflow
19980-17086
17336-17086
20755-17084
17741-17084
20762-17086
19980-17086
17336-17086
20755-17084
17741-17084
20762-17086
19980-17086
Moderate
17336-17086
Moderate
20755-17084
Moderate
17741-17084
Moderate
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
CBL-Mariner Releases
17336-17086
20755-17084
17741-17084
20762-17086
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17336-17086
20755-17084
17741-17084
20762-17086
CBL-Mariner Releases
1.0
2025-09-03T23:44:00
<p>Information published.</p>
3.0
2025-12-20T01:37:44
<p>Information published.</p>
5.0
2026-01-08T14:39:42
<p>Information published.</p>
2.0
2025-12-16T01:36:50
<p>Information published.</p>
4.0
2026-01-02T14:38:12
<p>Information published.</p>
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5914
Double Free
20388-17086
19277-17084
19704-17086
20422-17084
20388-17086
19277-17084
19704-17086
20422-17084
Low
20388-17086
19277-17084
19704-17086
Low
20422-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20388-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19277-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19704-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20422-17084
CBL-Mariner Releases
20388-17086
19704-17086
No
Security Update
3.6.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20388-17086
19704-17086
CBL-Mariner Releases
CBL-Mariner Releases
19277-17084
20422-17084
No
Security Update
3.7.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
20422-17084
CBL-Mariner Releases
1.0
2025-09-03T23:49:02
<p>Information published.</p>
juliangruber brace-expansion index.js expand redos
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-5889
Inefficient Regular Expression Complexity
20056-17086
19712-17086
20367-17086
19693-17084
20124-17086
20056-17086
19712-17086
20367-17086
19693-17084
20124-17086
20056-17086
19712-17086
Low
20367-17086
19693-17084
Low
20124-17086
3.1
2.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
20056-17086
3.1
2.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
19712-17086
3.1
2.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
20367-17086
3.1
2.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
19693-17084
3.1
2.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
20124-17086
CBL-Mariner Releases
20056-17086
20367-17086
No
Security Update
18.20.3-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20056-17086
20367-17086
CBL-Mariner Releases
1.0
2025-09-04T00:10:37
<p>Information published.</p>
1.1
2026-02-18T14:50:58
<p>Information published.</p>
Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-6052
Integer Overflow or Wraparound
20272-17084
20272-17084
Low
20272-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20272-17084
CBL-Mariner Releases
20272-17084
No
Security Update
2.78.6-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20272-17084
CBL-Mariner Releases
1.0
2025-09-04T00:13:38
<p>Information published.</p>
1.1
2026-02-18T14:51:28
<p>Information published.</p>
PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38069
20412-17084
19683-17084
20553-17084
17087-17086
20412-17084
19683-17084
20553-17084
17087-17086
Moderate
20412-17084
19683-17084
Moderate
20553-17084
Important
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-09-04T00:25:27
<p>Information published.</p>
2.0
2025-11-25T01:37:12
<p>Information published.</p>
RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38022
19683-17084
20613-17084
17087-17086
20725-17084
20823-17084
20860-17084
20925-17086
21093-17086
20412-17084
20553-17084
20788-17084
19683-17084
20613-17084
17087-17086
20725-17084
20823-17084
20860-17084
20925-17086
21093-17086
20412-17084
20553-17084
20788-17084
19683-17084
Moderate
20613-17084
Important
17087-17086
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Important
20925-17086
Important
21093-17086
Moderate
20412-17084
Moderate
20553-17084
Moderate
20788-17084
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
19683-17084
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20613-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20725-17084
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20823-17084
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20860-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20412-17084
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20553-17084
5.1
5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
20788-17084
1.0
2025-09-04T00:31:51
<p>Information published.</p>
2.0
2025-12-07T01:41:11
<p>Information published.</p>
3.0
2026-01-08T14:38:13
<p>Information published.</p>
4.0
2026-01-20T14:50:59
<p>Information published.</p>
5.0
2026-02-18T14:55:04
<p>Information published.</p>
7.0
2026-03-31T14:44:23
<p>Information published.</p>
6.0
2026-03-03T15:03:52
<p>Information published.</p>
espintcp: fix skb leaks
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38057
20412-17084
20613-17084
19683-17084
20553-17084
17087-17086
20412-17084
20613-17084
19683-17084
20553-17084
17087-17086
Moderate
20412-17084
Moderate
20613-17084
19683-17084
Moderate
20553-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-04T00:47:07
<p>Information published.</p>
2.0
2025-11-25T01:36:41
<p>Information published.</p>
x86/fred: Fix system hang during S4 resume with FRED enabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38047
19880-17084
19880-17084
Moderate
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19880-17084
1.0
2025-09-04T00:56:21
<p>Information published.</p>
1.1
2026-02-18T14:45:25
<p>Information published.</p>
clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38041
19683-17084
20412-17084
20613-17084
17087-17086
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20553-17084
20725-17084
20788-17084
20956-17084
21308-17084
21344-17084
19683-17084
20412-17084
20613-17084
17087-17086
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20553-17084
20725-17084
20788-17084
20956-17084
21308-17084
21344-17084
19683-17084
Important
20412-17084
Important
20613-17084
Moderate
17087-17086
Important
20823-17084
Important
20860-17084
Moderate
20925-17086
Important
21094-17084
Moderate
21093-17086
Important
21248-17084
Important
21332-17084
Important
20553-17084
Important
20725-17084
Important
20788-17084
Important
20956-17084
Important
21308-17084
Moderate
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20412-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20553-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:41:32
<p>Information published.</p>
3.0
2026-01-08T14:38:23
<p>Information published.</p>
4.0
2026-01-20T14:51:08
<p>Information published.</p>
6.0
2026-03-03T15:04:21
<p>Information published.</p>
7.0
2026-03-04T14:45:34
<p>Information published.</p>
8.0
2026-03-31T15:19:10
<p>Information published.</p>
9.0
2026-04-29T14:56:37
<p>Information published.</p>
10.0
2026-05-06T14:50:32
<p>Information published.</p>
12.1
2026-05-22T01:44:52
<p>Information published.</p>
1.0
2025-09-04T01:05:50
<p>Information published.</p>
5.0
2026-02-18T14:46:30
<p>Information published.</p>
11.0
2026-05-11T01:48:34
<p>Information published.</p>
12.0
2026-05-17T14:49:33
<p>Information published.</p>
bpf: copy_verifier_state() should copy 'loop_entry' field
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38060
19683-17084
19683-17084
Important
19683-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
CBL-Mariner Releases
19683-17084
No
Security Update
6.6.96.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19683-17084
CBL-Mariner Releases
1.0
2025-09-04T01:15:43
<p>Information published.</p>
1.1
2026-02-18T14:48:32
<p>Information published.</p>
cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38038
17085-17084
17085-17084
Important
17085-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17085-17084
1.0
2025-09-04T01:29:23
<p>Information published.</p>
1.1
2026-02-18T14:50:51
<p>Information published.</p>
arm64: set UXN on swapper page tables
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-50232
20412-17084
19683-17084
20412-17084
19683-17084
Moderate
20412-17084
19683-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20412-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19683-17084
1.1
2026-02-18T14:51:45
<p>Information published.</p>
1.0
2025-09-04T01:37:56
<p>Information published.</p>
drm/amdgpu: csa unmap use uninterruptible lock
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38011
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
19683-17084
20412-17084
20553-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
19683-17084
20412-17084
20553-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
2.0
2025-12-07T01:41:52
<p>Information published.</p>
5.0
2026-02-18T14:53:16
<p>Information published.</p>
6.0
2026-02-27T14:35:42
<p>Information published.</p>
1.0
2025-09-04T01:44:30
<p>Information published.</p>
3.0
2026-01-08T14:38:42
<p>Information published.</p>
4.0
2026-01-20T14:51:24
<p>Information published.</p>
drm/xe/vf: Perform early GT MMIO initialization to read GMDID
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38036
19529-17084
19529-17084
19529-17084
1.0
2025-09-04T01:49:55
<p>Information published.</p>
kasan: avoid sleepable page allocation from atomic context
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38029
20553-17084
20613-17084
20725-17084
20860-17084
21094-17084
21093-17086
21248-17084
19683-17084
20412-17084
17087-17086
20788-17084
20823-17084
20925-17086
20956-17084
21308-17084
21332-17084
21344-17084
20553-17084
20613-17084
20725-17084
20860-17084
21094-17084
21093-17086
21248-17084
19683-17084
20412-17084
17087-17086
20788-17084
20823-17084
20925-17086
20956-17084
21308-17084
21332-17084
21344-17084
Low
20553-17084
Low
20613-17084
Low
20725-17084
Low
20860-17084
Low
21094-17084
Low
21093-17086
Low
21248-17084
19683-17084
Low
20412-17084
Low
17087-17086
Low
20788-17084
Low
20823-17084
Low
20925-17086
Low
20956-17084
Low
21308-17084
Low
21332-17084
Moderate
21344-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20553-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20613-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20725-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20860-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
21094-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
21093-17086
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
21248-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19683-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20412-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
17087-17086
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20788-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20823-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20925-17086
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
20956-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
21308-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
21332-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-04T02:14:45
<p>Information published.</p>
3.0
2026-01-08T14:38:52
<p>Information published.</p>
4.0
2026-01-20T14:51:33
<p>Information published.</p>
5.0
2026-02-18T01:54:50
<p>Information published.</p>
6.0
2026-03-03T15:04:09
<p>Information published.</p>
7.0
2026-03-04T14:45:48
<p>Information published.</p>
8.0
2026-03-31T15:19:26
<p>Information published.</p>
9.0
2026-04-29T14:57:03
<p>Information published.</p>
12.1
2026-05-22T01:45:06
<p>Information published.</p>
2.0
2025-12-07T01:42:02
<p>Information published.</p>
10.0
2026-05-06T14:50:48
<p>Information published.</p>
11.0
2026-05-11T01:48:52
<p>Information published.</p>
12.0
2026-05-17T14:49:51
<p>Information published.</p>
ASoC: sma1307: Add NULL check in sma1307_setting_loaded()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38070
NULL Pointer Dereference
19529-17084
19529-17084
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
1.0
2025-09-04T02:22:58
<p>Information published.</p>
Tarfile extracts filtered members when errorlevel=0
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-4435
Incorrect Calculation
20315-17086
17667-17084
17604-17084
20685-17086
20937-17086
19533-17086
20528-17086
20603-17086
20916-17086
20315-17086
17667-17084
17604-17084
20685-17086
20937-17086
19533-17086
20528-17086
20603-17086
20916-17086
20315-17086
Moderate
17667-17084
Moderate
17604-17084
Moderate
20685-17086
Moderate
20937-17086
Moderate
19533-17086
Moderate
20528-17086
Moderate
20603-17086
Moderate
20916-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
20315-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
17667-17084
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
17604-17084
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
20685-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
20937-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
19533-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
20528-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
20603-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U
20916-17086
CBL-Mariner Releases
17604-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17604-17084
CBL-Mariner Releases
1.0
2025-09-04T03:03:02
<p>Information published.</p>
2.0
2025-12-06T14:36:23
<p>Information published.</p>
3.0
2026-02-19T01:40:09
<p>Information published.</p>
4.0
2026-03-03T14:37:18
<p>Information published.</p>
Libxml: null pointer dereference leads to denial of service (dos)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49795
Expired Pointer Dereference
20212-17086
19618-17084
20622-17084
20604-17086
20212-17086
19618-17084
20622-17084
20604-17086
Moderate
20212-17086
Moderate
19618-17084
Moderate
20622-17084
Moderate
20604-17086
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20212-17086
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
19618-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20622-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20604-17086
CBL-Mariner Releases
20212-17086
20604-17086
No
Security Update
2.10.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20212-17086
20604-17086
CBL-Mariner Releases
CBL-Mariner Releases
19618-17084
20622-17084
No
Security Update
2.11.5-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19618-17084
20622-17084
CBL-Mariner Releases
1.0
2025-09-04T03:44:32
<p>Information published.</p>
RabbitMQ Node can log Basic Auth header from an HTTP request
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-50200
Insertion of Sensitive Information into Log File
20623-17084
19440-17084
20623-17084
19440-17084
Moderate
20623-17084
Moderate
19440-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20623-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19440-17084
CBL-Mariner Releases
20623-17084
19440-17084
No
Security Update
3.13.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20623-17084
19440-17084
CBL-Mariner Releases
1.0
2025-09-04T04:09:13
<p>Information published.</p>
urllib3 does not control redirects in browsers and Node.js
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-50182
URL Redirection to Untrusted Site ('Open Redirect')
20346-17086
17714-17084
17305-17086
17667-17084
20346-17086
17714-17084
17305-17086
17667-17084
20346-17086
Moderate
17714-17084
Moderate
17305-17086
Moderate
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20346-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17714-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17305-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17667-17084
1.0
2025-09-04T05:22:54
<p>Information published.</p>
2.0
2026-02-18T02:36:36
<p>Information published.</p>
powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
Mariner
Linux
Yes
CVE-2022-49955
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-16T01:01:31
<p>Information published.</p>
2.0
2025-11-25T01:35:40
<p>Information published.</p>
bpf: Fix a data-race around bpf_jit_limit.
Mariner
Linux
Yes
CVE-2022-49967
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
17087-17086
17087-17086
Moderate
17087-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2025-11-18T01:37:32
<p>Information published.</p>
1.0
2025-11-16T01:01:42
<p>Information published.</p>
3.0
2025-11-25T01:35:46
<p>Information published.</p>
net: lantiq_xrx200: restore buffer if memory allocation failed
Mariner
Linux
Yes
CVE-2022-49997
Missing Release of Memory after Effective Lifetime
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-16T01:01:52
<p>Information published.</p>
2.0
2025-11-25T01:35:52
<p>Information published.</p>
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
Mariner
Linux
Yes
CVE-2022-50015
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
17087-17086
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
20925-17086
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
21093-17086
2.0
2025-11-18T01:37:37
<p>Information published.</p>
4.0
2026-03-31T14:43:13
<p>Information published.</p>
1.0
2025-11-16T01:02:03
<p>Information published.</p>
3.0
2026-03-03T15:03:03
<p>Information published.</p>
f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data
Mariner
Linux
Yes
CVE-2022-50009
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2025-11-25T01:35:57
<p>Information published.</p>
1.0
2025-11-16T01:01:58
<p>Information published.</p>
ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot
Mariner
Linux
Yes
CVE-2022-50016
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
3.0
2025-11-25T01:36:03
<p>Information published.</p>
1.0
2025-11-16T01:02:09
<p>Information published.</p>
2.0
2025-11-18T01:37:42
<p>Information published.</p>
net: mctp: Don't access ifa_index when missing
Mariner
Linux
Yes
CVE-2025-38006
Use of Uninitialized Resource
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-16T01:05:45
<p>Information published.</p>
2.0
2025-11-18T01:38:12
<p>Information published.</p>
3.0
2025-11-25T01:36:52
<p>Information published.</p>
dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
Mariner
Linux
Yes
CVE-2025-38014
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-16T01:05:50
<p>Information published.</p>
2.0
2025-11-25T01:36:57
<p>Information published.</p>
net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null
Mariner
Linux
Yes
CVE-2022-50073
NULL Pointer Dereference
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-11-19T01:01:27
<p>Information published.</p>
2.0
2026-03-03T14:37:38
<p>Information published.</p>
3.0
2026-03-31T14:46:48
<p>Information published.</p>
tty: n_gsm: fix deadlock and link starvation in outgoing data path
Mariner
Linux
Yes
CVE-2022-50116
Improper Locking
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:40:15
<p>Information published.</p>
3.0
2026-03-31T14:50:28
<p>Information published.</p>
1.0
2025-11-20T01:01:18
<p>Information published.</p>
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
zdi
Yes
CVE-2025-6442
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
12139
12140
12356
12357
20198-17084
20201-17086
20208-17086
20193-17084
12139
12140
12356
12357
20198-17084
20201-17086
20208-17086
20193-17084
12139
12140
12356
12357
Important
20198-17084
Important
20201-17086
Important
20208-17086
Important
20193-17084
6.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
12139
6.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
12140
6.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
12356
6.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
12357
7.7
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U
20198-17084
7.7
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U
20201-17086
7.7
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U
20208-17086
7.7
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U
20193-17084
ruby
12139
ruby-3.1.7-2.cm2.x86_64.rpm
0001-01-01T00:00:00
rubygems-3.3.26-2.cm2.noarch.rpm
0001-01-01T00:00:00
rubygems-devel-3.3.26-2.cm2.noarch.rpm
0001-01-01T00:00:00
CBL-Mariner
3.1.7-2
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12139
ruby
rubygem-webrick
12139
rubygem-webrick-1.7.0-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.7.0-2
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12139
rubygem-webrick
ruby
12140
ruby-3.1.7-2.cm2.aarch64.rpm
0001-01-01T00:00:00
rubygems-3.3.26-2.cm2.noarch.rpm
0001-01-01T00:00:00
rubygems-devel-3.3.26-2.cm2.noarch.rpm
0001-01-01T00:00:00
CBL-Mariner
3.1.7-2
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12140
ruby
rubygem-webrick
12140
rubygem-webrick-1.7.0-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.7.0-2
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12140
rubygem-webrick
ruby
12356
ruby-3.3.5-4.azl3.x86_64.rpm
0001-01-01T00:00:00
rubygems-3.5.22-4.azl3.noarch.rpm
0001-01-01T00:00:00
rubygems-devel-3.5.22-4.azl3.noarch.rpm
0001-01-01T00:00:00
ruby-debuginfo-3.3.5-4.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.3.5-4
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12356
ruby
rubygem-webrick
12356
rubygem-webrick-1.8.1-2.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.8.1-2
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12356
rubygem-webrick
ruby
12357
ruby-3.3.5-4.azl3.aarch64.rpm
0001-01-01T00:00:00
rubygems-3.5.22-4.azl3.noarch.rpm
0001-01-01T00:00:00
rubygems-devel-3.5.22-4.azl3.noarch.rpm
0001-01-01T00:00:00
ruby-debuginfo-3.3.5-4.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.3.5-4
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12357
ruby
rubygem-webrick
12357
rubygem-webrick-1.8.1-2.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.8.1-2
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
12357
rubygem-webrick
CBL-Mariner Releases
20198-17084
No
Security Update
1.8.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20198-17084
CBL-Mariner Releases
CBL-Mariner Releases
20201-17086
No
Security Update
3.1.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20201-17086
CBL-Mariner Releases
CBL-Mariner Releases
20208-17086
No
Security Update
1.7.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20208-17086
CBL-Mariner Releases
CBL-Mariner Releases
20193-17084
No
Security Update
3.3.5-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20193-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-07-16T00:00:00
<p>Added ruby to CBL-Mariner 2.0
Added rubygem-webrick to CBL-Mariner 2.0
Added ruby to Azure Linux 3.0
Added rubygem-webrick to Azure Linux 3.0</p>
2.1
2026-02-18T01:12:22
<p>Information published.</p>
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-32462
19550-16823
19595-17084
20260-17086
19550-16823
19595-17084
20260-17086
Low
19550-16823
Low
19595-17084
Low
20260-17086
2.8
2.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
19550-16823
2.8
2.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
19595-17084
2.8
2.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
20260-17086
CBL-Mariner Releases
19550-16823
19595-17084
20260-17086
No
Security Update
1.9.17-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19550-16823
19595-17084
20260-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2025-07-17T00:00:00
<p>Added sudo to CBL-Mariner 2.0
Added sudo to Azure Linux 3.0</p>
1.2
2026-02-18T01:23:11
<p>Information published.</p>
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
canonical
Yes
CVE-2024-11584
Incorrect Permission Assignment for Critical Resource
19524-17084
20155-17084
19532-16823
20157-17086
19524-17084
20155-17084
19532-16823
20157-17086
Moderate
19524-17084
Moderate
20155-17084
Moderate
19532-16823
Moderate
20157-17086
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19524-17084
5.9
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U
20155-17084
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19532-16823
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20157-17086
CBL-Mariner Releases
19524-17084
20155-17084
No
Security Update
24.3.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19524-17084
20155-17084
CBL-Mariner Releases
CBL-Mariner Releases
19532-16823
20157-17086
No
Security Update
23.3-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19532-16823
20157-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-07-15T00:00:00
<p>Added cloud-init to Azure Linux 3.0
Added cloud-init to CBL-Mariner 2.0</p>
2.1
2026-02-18T01:08:28
<p>Information published.</p>
Requests vulnerable to .netrc credentials leak via malicious URLs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2024-47081
Insufficiently Protected Credentials
19530-17084
20231-17086
17667-17084
19849-17086
17171-17086
19539-16823
19530-17084
20231-17086
17667-17084
19849-17086
17171-17086
19539-16823
Moderate
19530-17084
Moderate
20231-17086
Moderate
17667-17084
19849-17086
Moderate
17171-17086
Moderate
19539-16823
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19530-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
20231-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19849-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
17171-17086
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19539-16823
CBL-Mariner Releases
19530-17084
No
Security Update
2.31.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19530-17084
CBL-Mariner Releases
CBL-Mariner Releases
20231-17086
19539-16823
No
Security Update
2.27.1-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20231-17086
19539-16823
CBL-Mariner Releases
CBL-Mariner Releases
17667-17084
19849-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17667-17084
19849-17086
CBL-Mariner Releases
2.0
2026-02-18T14:41:59
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Usage of ExtKeyUsageAny disables policy validation in crypto/x509
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-22874
19548-16823
20180-17084
18315-17084
19693-17084
17667-17084
19718-17086
20196-17086
19712-17086
19668-17086
18447-17086
19548-16823
20180-17084
18315-17084
19693-17084
17667-17084
19718-17086
20196-17086
19712-17086
19668-17086
18447-17086
Important
19548-16823
Important
20180-17084
Important
18315-17084
Important
19693-17084
Important
17667-17084
19718-17086
Important
20196-17086
Important
19712-17086
Important
19668-17086
Important
18447-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19548-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
20180-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18315-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19693-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17667-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19718-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
20196-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19712-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19668-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18447-17086
CBL-Mariner Releases
19548-16823
20196-17086
No
Security Update
1.24.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19548-16823
20196-17086
CBL-Mariner Releases
CBL-Mariner Releases
20180-17084
18315-17084
19693-17084
17667-17084
19718-17086
19712-17086
19668-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20180-17084
18315-17084
19693-17084
17667-17084
19718-17086
19712-17086
19668-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-02-18T14:39:04
<p>Information published.</p>
Sudo before 1.9.17p1 allows local users to obtain root access
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-32463
19550-16823
19595-17084
20260-17086
19550-16823
19595-17084
20260-17086
Critical
19550-16823
Critical
19595-17084
Critical
20260-17086
9.3
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
19550-16823
9.3
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
19595-17084
9.3
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
20260-17086
CBL-Mariner Releases
19550-16823
19595-17084
20260-17086
No
Security Update
1.9.17-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19550-16823
19595-17084
20260-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2025-07-17T00:00:00
<p>Added sudo to CBL-Mariner 2.0
Added sudo to Azure Linux 3.0</p>
1.2
2026-02-18T01:24:11
<p>Information published.</p>
net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38001
Loop with Unreachable Exit Condition ('Infinite Loop')
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17085-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:34:40
<p>Information published.</p>
can: bcm: add missing rcu read protection for procfs content
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38003
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T14:35:46
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
can: bcm: add locking for bcm_op runtime updates
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38004
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:35:26
<p>Information published.</p>
vxlan: Annotate FDB data races
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38037
19880-17084
19880-17084
Low
19880-17084
1.9
1.9
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T14:53:46
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38039
19880-17084
17087-17086
19880-17084
17087-17086
Low
19880-17084
Moderate
17087-17086
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:57:16
<p>Information published.</p>
serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38040
17085-17084
19880-17084
17087-17086
20925-17086
21093-17086
17085-17084
19880-17084
17087-17086
20925-17086
21093-17086
Important
17085-17084
Important
19880-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
2.0
2025-12-20T01:01:34
<p>Information published.</p>
2.1
2026-02-18T14:52:50
<p>Information published.</p>
3.0
2026-03-03T14:44:57
<p>Information published.</p>
4.0
2026-03-31T14:55:28
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
wifi: iwlwifi: fix debug actions order
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38045
17085-17084
20925-17086
21093-17086
19880-17084
17087-17086
17085-17084
20925-17086
21093-17086
19880-17084
17087-17086
Low
17085-17084
Moderate
20925-17086
Moderate
21093-17086
Low
19880-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.3
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
2.0
2025-11-18T01:38:17
<p>Information published.</p>
2.1
2026-02-18T02:03:36
<p>Information published.</p>
4.0
2026-03-31T14:44:46
<p>Information published.</p>
3.0
2026-03-03T15:04:30
<p>Information published.</p>
virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38048
19880-17084
19880-17084
Low
19880-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19880-17084
1.1
2026-02-18T14:50:26
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38052
Use After Free
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17085-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T14:51:58
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38058
17085-17084
19880-17084
17085-17084
19880-17084
Low
17085-17084
Low
19880-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:52:12
<p>Information published.</p>
btrfs: avoid NULL pointer dereference if no valid csum tree
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38059
19880-17084
17087-17086
20925-17086
21093-17086
19880-17084
17087-17086
20925-17086
21093-17086
Moderate
19880-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
2.1
2026-02-18T14:55:44
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
2.0
2025-11-18T01:38:22
<p>Information published.</p>
3.0
2026-03-03T14:36:05
<p>Information published.</p>
4.0
2026-03-31T14:45:11
<p>Information published.</p>
net: pktgen: fix access outside of user given buffer in pktgen_thread_write()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38061
19880-17084
19880-17084
Moderate
19880-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:49:28
<p>Information published.</p>
orangefs: Do not truncate file size
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38065
19880-17084
19880-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T14:48:59
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
crypto: lzo - Fix compression buffer overrun
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38068
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
7.8
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:U
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:59:57
<p>Information published.</p>
libnvdimm/labels: Fix divide error in nd_label_data_init()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38072
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:53:00
<p>Information published.</p>
vhost-scsi: protect vq->log_used with vq->mutex
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38074
17087-17086
19529-17084
17087-17086
19529-17084
Moderate
17087-17086
Moderate
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19529-17084
1.0
2025-08-07T00:00:00
<p>Information published.</p>
2.0
2025-12-19T01:01:40
<p>Information published.</p>
3.0
2026-01-13T01:40:09
<p>Information published.</p>
3.1
2026-02-18T14:56:21
<p>Information published.</p>
platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38077
19880-17084
19880-17084
Moderate
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:49:58
<p>Information published.</p>
drm/amd/display: Increase block_sequence array size
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38080
17085-17084
17087-17086
20925-17086
21093-17086
19880-17084
17085-17084
17087-17086
20925-17086
21093-17086
19880-17084
Important
17085-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Important
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
2.0
2025-11-18T01:38:37
<p>Information published.</p>
2.1
2026-02-18T14:43:19
<p>Information published.</p>
4.0
2026-03-31T14:45:35
<p>Information published.</p>
1.0
2025-08-07T00:00:00
<p>Information published.</p>
3.0
2026-03-03T14:36:43
<p>Information published.</p>
spi-rockchip: Fix register out of bounds access
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38081
Out-of-bounds Read
17085-17084
19880-17084
17087-17086
21093-17086
20925-17086
17085-17084
19880-17084
17087-17086
21093-17086
20925-17086
Moderate
17085-17084
Moderate
19880-17084
Important
17087-17086
Important
21093-17086
Important
20925-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17085-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
19880-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17087-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21093-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20925-17086
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:54:29
<p>Information published.</p>
2.0
2026-03-03T14:37:00
<p>Information published.</p>
3.0
2026-03-31T14:45:59
<p>Information published.</p>
net_sched: prio: fix a race in prio_tune()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38083
17085-17084
19880-17084
17085-17084
19880-17084
Important
17085-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:29:40
<p>Information published.</p>
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38085
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:13:38
<p>Information published.</p>
net: ch9200: fix uninitialised access during mii_nway_restart
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38086
Use of Uninitialized Resource
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17085-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:14:16
<p>Information published.</p>
net/sched: fix use-after-free in taprio_dev_notifier
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38087
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T01:16:48
<p>Information published.</p>
1.0
2025-08-07T00:00:00
<p>Information published.</p>
powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38088
19529-17084
19529-17084
Moderate
19529-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
19529-17084
1.1
2026-02-18T01:16:08
<p>Information published.</p>
1.0
2025-08-07T00:00:00
<p>Information published.</p>
Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-4138
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19533-16823
17667-17084
19681-17086
17604-17084
19533-16823
17667-17084
19681-17086
17604-17084
Important
19533-16823
Important
17667-17084
Important
19681-17086
Important
17604-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19533-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17667-17084
8.1
7.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U
19681-17086
8.1
7.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U
17604-17084
CBL-Mariner Releases
19533-16823
19681-17086
No
Security Update
3.9.19-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19533-16823
19681-17086
CBL-Mariner Releases
CBL-Mariner Releases
17667-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17667-17084
CBL-Mariner Releases
CBL-Mariner Releases
17604-17084
No
Security Update
3.12.9-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17604-17084
CBL-Mariner Releases
2.0
2025-07-18T00:00:00
<p>Added python3 to CBL-Mariner 2.0
Added python3 to Azure Linux 3.0</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:41:53
<p>Information published.</p>
Extraction filter bypass for linking outside extraction directory
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-4330
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19533-16823
17667-17084
17604-17084
19681-17086
19533-16823
17667-17084
17604-17084
19681-17086
Important
19533-16823
Important
17667-17084
Important
17604-17084
Important
19681-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19533-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17667-17084
8.1
7.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U
17604-17084
8.1
7.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U
19681-17086
CBL-Mariner Releases
19533-16823
19681-17086
No
Security Update
3.9.19-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19533-16823
19681-17086
CBL-Mariner Releases
CBL-Mariner Releases
17604-17084
No
Security Update
3.12.9-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17604-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:41:05
<p>Information published.</p>
2.0
2025-07-18T00:00:00
<p>Added python3 to CBL-Mariner 2.0
Added python3 to Azure Linux 3.0</p>
Arbitrary writes via tarfile realpath overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-4517
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19533-16823
19601-17084
19681-17086
17667-17084
19533-16823
19601-17084
19681-17086
17667-17084
Important
19533-16823
Important
19601-17084
Important
19681-17086
Important
17667-17084
9.4
9.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
19533-16823
8.8
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U
19601-17084
8.8
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U
19681-17086
8.8
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U
17667-17084
CBL-Mariner Releases
19533-16823
19681-17086
No
Security Update
3.9.19-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19533-16823
19681-17086
CBL-Mariner Releases
CBL-Mariner Releases
19601-17084
No
Security Update
3.12.9-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19601-17084
CBL-Mariner Releases
CBL-Mariner Releases
17667-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17667-17084
CBL-Mariner Releases
2.1
2026-02-19T01:42:12
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-07-18T00:00:00
<p>Added python3 to CBL-Mariner 2.0
Added python3 to Azure Linux 3.0</p>
Sensitive headers not cleared on cross-origin redirect in net/http
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-4673
19548-16823
19606-17084
19755-17086
20123-17086
20138-17084
19693-17084
17667-17084
19718-17086
20196-17086
19712-17086
19668-17086
20387-17086
18447-17086
20145-17084
18315-17084
19548-16823
19606-17084
19755-17086
20123-17086
20138-17084
19693-17084
17667-17084
19718-17086
20196-17086
19712-17086
19668-17086
20387-17086
18447-17086
20145-17084
18315-17084
Moderate
19548-16823
Moderate
19606-17084
Moderate
19755-17086
20123-17086
Moderate
20138-17084
Moderate
19693-17084
Moderate
17667-17084
19718-17086
Moderate
20196-17086
Moderate
19712-17086
Moderate
19668-17086
Moderate
20387-17086
Moderate
18447-17086
Moderate
20145-17084
Moderate
18315-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19548-16823
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19606-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19755-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
20123-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
20138-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19693-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
17667-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19718-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
20196-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19712-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19668-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
20387-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
18447-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
20145-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
18315-17084
CBL-Mariner Releases
19548-16823
20196-17086
No
Security Update
1.24.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19548-16823
20196-17086
CBL-Mariner Releases
CBL-Mariner Releases
19606-17084
No
Security Update
1.23.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19606-17084
CBL-Mariner Releases
CBL-Mariner Releases
19755-17086
No
Security Update
1.18.8-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19755-17086
CBL-Mariner Releases
CBL-Mariner Releases
20123-17086
20387-17086
No
Security Update
1.22.7-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20123-17086
20387-17086
CBL-Mariner Releases
CBL-Mariner Releases
20138-17084
19693-17084
17667-17084
19718-17086
19712-17086
19668-17086
20145-17084
18315-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20138-17084
19693-17084
17667-17084
19718-17086
19712-17086
19668-17086
20145-17084
18315-17084
CBL-Mariner Releases
2.0
2026-02-18T14:41:09
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-47711
Off-by-one Error
19563-16823
19610-17084
20266-17086
19563-16823
19610-17084
20266-17086
Moderate
19563-16823
Moderate
19610-17084
Moderate
20266-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19563-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19610-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20266-17086
CBL-Mariner Releases
19563-16823
20266-17086
No
Security Update
1.35.3-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19563-16823
20266-17086
CBL-Mariner Releases
CBL-Mariner Releases
19610-17084
No
Security Update
1.35.3-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19610-17084
CBL-Mariner Releases
1.1
2026-02-18T14:50:03
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Nbd: nbdkit: integer overflow triggers an assertion resulting in denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-47712
Integer Overflow or Wraparound
19563-16823
19610-17084
20266-17086
19563-16823
19610-17084
20266-17086
Moderate
19563-16823
Moderate
19610-17084
Moderate
20266-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19563-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19610-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20266-17086
CBL-Mariner Releases
19563-16823
20266-17086
No
Security Update
1.35.3-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19563-16823
20266-17086
CBL-Mariner Releases
CBL-Mariner Releases
19610-17084
No
Security Update
1.35.3-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19610-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:49:21
<p>Information published.</p>
tar-fs has issue where extract can write outside the specified dir with a specific tarball
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-48387
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19542-16823
20124-17086
19542-16823
20124-17086
Important
19542-16823
Important
20124-17086
8.2
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U
20124-17086
CBL-Mariner Releases
19542-16823
20124-17086
No
Security Update
3.1.1-19
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19542-16823
20124-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-19T01:39:45
<p>Information published.</p>
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-49112
19592-17084
19592-17084
Low
19592-17084
3.1
2.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
19592-17084
CBL-Mariner Releases
19592-17084
No
Security Update
8.0.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19592-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49175
Out-of-bounds Read
19615-17084
20351-17086
20749-17084
19615-17084
20351-17086
20749-17084
Moderate
19615-17084
Moderate
20351-17086
Moderate
20749-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19615-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20351-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
20749-17084
CBL-Mariner Releases
19615-17084
No
Security Update
24.1.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19615-17084
CBL-Mariner Releases
CBL-Mariner Releases
20351-17086
No
Security Update
1.20.10-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20351-17086
CBL-Mariner Releases
2.1
2026-02-18T02:33:47
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
2.0
2025-12-12T01:02:48
<p>Information published.</p>
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49176
Integer Overflow or Wraparound
20351-17086
20749-17084
20351-17086
20749-17084
Moderate
20351-17086
Important
20749-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
20351-17086
7.3
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
20749-17084
CBL-Mariner Releases
20351-17086
No
Security Update
1.20.10-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20351-17086
CBL-Mariner Releases
2.1
2026-02-18T02:32:55
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
2.0
2025-12-12T01:03:03
<p>Information published.</p>
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49177
Exposure of Sensitive Information to an Unauthorized Actor
19615-17084
20749-17084
19615-17084
20749-17084
Moderate
19615-17084
Moderate
20749-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19615-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
20749-17084
CBL-Mariner Releases
19615-17084
No
Security Update
24.1.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19615-17084
CBL-Mariner Releases
1.0
2025-08-07T00:00:00
<p>Information published.</p>
2.0
2025-12-12T01:02:58
<p>Information published.</p>
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49179
Integer Overflow or Wraparound
19615-17084
20749-17084
20351-17086
19615-17084
20749-17084
20351-17086
Moderate
19615-17084
Important
20749-17084
Moderate
20351-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19615-17084
7.3
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
20749-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
20351-17086
CBL-Mariner Releases
19615-17084
No
Security Update
24.1.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19615-17084
CBL-Mariner Releases
CBL-Mariner Releases
20351-17086
No
Security Update
1.20.10-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20351-17086
CBL-Mariner Releases
2.0
2025-12-12T01:02:52
<p>Information published.</p>
2.1
2026-02-18T02:34:42
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49180
Integer Overflow or Wraparound
19615-17084
20749-17084
20351-17086
19615-17084
20749-17084
20351-17086
Moderate
19615-17084
Important
20749-17084
Moderate
20351-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
19615-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20749-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
20351-17086
CBL-Mariner Releases
19615-17084
No
Security Update
24.1.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19615-17084
CBL-Mariner Releases
CBL-Mariner Releases
20351-17086
No
Security Update
1.20.10-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20351-17086
CBL-Mariner Releases
2.0
2025-12-12T01:03:13
<p>Information published.</p>
3.0
2025-12-16T01:36:59
<p>Information published.</p>
3.1
2026-02-18T02:30:58
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
Libxml: heap use after free (uaf) leads to denial of service (dos)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49794
Expired Pointer Dereference
19569-16823
19618-17084
20212-17086
19569-16823
19618-17084
20212-17086
Critical
19569-16823
Critical
19618-17084
Critical
20212-17086
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
19569-16823
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
19618-17084
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
20212-17086
CBL-Mariner Releases
19569-16823
20212-17086
No
Security Update
2.10.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19569-16823
20212-17086
CBL-Mariner Releases
CBL-Mariner Releases
19618-17084
No
Security Update
2.11.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19618-17084
CBL-Mariner Releases
1.0
2025-07-29T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:17:52
<p>Information published.</p>
Libxml: type confusion leads to denial of service (dos)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-49796
Out-of-bounds Read
19569-16823
19618-17084
20212-17086
19569-16823
19618-17084
20212-17086
Critical
19569-16823
Critical
19618-17084
Critical
20212-17086
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
19569-16823
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
19618-17084
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
20212-17086
CBL-Mariner Releases
19569-16823
20212-17086
No
Security Update
2.10.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19569-16823
20212-17086
CBL-Mariner Releases
CBL-Mariner Releases
19618-17084
No
Security Update
2.11.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19618-17084
CBL-Mariner Releases
1.0
2025-07-29T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:16:31
<p>Information published.</p>
Potential heap-buffer overflow vulnerability in NotepadNext
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GovTech CSG
Yes
CVE-2025-52939
Out-of-bounds Write
19573-16823
19814-17086
19573-16823
19814-17086
Critical
19573-16823
Critical
19814-17086
CBL-Mariner Releases
19573-16823
19814-17086
No
Security Update
16.2.10-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19573-16823
19814-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:18:53
<p>Information published.</p>
Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
TQtC
Yes
CVE-2025-5455
Improper Input Validation
19626-17084
20185-17086
19626-17084
20185-17086
Moderate
19626-17084
Moderate
20185-17086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U
19626-17084
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U
20185-17086
CBL-Mariner Releases
19626-17084
No
Security Update
6.6.3-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19626-17084
CBL-Mariner Releases
CBL-Mariner Releases
20185-17086
No
Security Update
5.12.11-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20185-17086
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:10:32
<p>Information published.</p>
Users: `root` appended to group listings
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5791
Incorrect Privilege Assignment
20253-17084
19695-17086
20421-17084
20824-17084
20971-17084
21252-17084
19711-17084
20126-17086
21129-17084
20253-17084
19695-17086
20421-17084
20824-17084
20971-17084
21252-17084
19711-17084
20126-17086
21129-17084
20253-17084
Important
19695-17086
Moderate
20421-17084
Moderate
20824-17084
Moderate
20971-17084
Moderate
21252-17084
Important
19711-17084
Moderate
20126-17086
Moderate
21129-17084
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
20253-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
19695-17086
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
20421-17084
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
20824-17084
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
20971-17084
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
21252-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
19711-17084
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
20126-17086
7.1
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P
21129-17084
CBL-Mariner Releases
20126-17086
No
Security Update
3.2.0.azl2-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20126-17086
CBL-Mariner Releases
2.0
2026-01-20T14:50:51
<p>Information published.</p>
2.1
2026-02-18T14:47:20
<p>Information published.</p>
3.0
2026-03-04T14:45:28
<p>Information published.</p>
4.0
2026-03-31T15:18:51
<p>Information published.</p>
5.0
2026-04-29T14:56:26
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-6021
Stack-based Buffer Overflow
19569-16823
19618-17084
20212-17086
19569-16823
19618-17084
20212-17086
Moderate
19569-16823
Moderate
19618-17084
Moderate
20212-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19569-16823
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
19618-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20212-17086
CBL-Mariner Releases
19569-16823
20212-17086
No
Security Update
2.10.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19569-16823
20212-17086
CBL-Mariner Releases
CBL-Mariner Releases
19618-17084
No
Security Update
2.11.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19618-17084
CBL-Mariner Releases
1.0
2025-07-29T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:19:57
<p>Information published.</p>
HTMLParser quadratic complexity when processing malformed inputs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-6069
Inefficient Regular Expression Complexity
19533-16823
19628-17084
19681-17086
17667-17084
19533-16823
19628-17084
19681-17086
17667-17084
Moderate
19533-16823
Moderate
19628-17084
Moderate
19681-17086
Moderate
17667-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19533-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19628-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19681-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
17667-17084
CBL-Mariner Releases
19533-16823
19681-17086
No
Security Update
3.9.19-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19533-16823
19681-17086
CBL-Mariner Releases
CBL-Mariner Releases
19628-17084
No
Security Update
3.12.9-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19628-17084
CBL-Mariner Releases
CBL-Mariner Releases
17667-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17667-17084
CBL-Mariner Releases
1.0
2025-07-18T00:00:00
<p>Information published.</p>
2.0
2025-08-07T00:00:00
<p>Added python3 to Azure Linux 3.0
Added python3 to CBL-Mariner 2.0</p>
2.1
2026-02-18T02:27:44
<p>Information published.</p>
spdlog pattern_formatter-inl.h scoped_padder resource consumption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6140
Uncontrolled Resource Consumption
19629-17084
19629-17084
Moderate
19629-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
19629-17084
CBL-Mariner Releases
19629-17084
No
Security Update
1.9.8-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19629-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6270
Heap-based Buffer Overflow
17741-17084
20755-17084
19980-17086
17336-17086
20762-17086
17741-17084
20755-17084
19980-17086
17336-17086
20762-17086
Moderate
17741-17084
Moderate
20755-17084
19980-17086
Moderate
17336-17086
Moderate
20762-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
17741-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
20755-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
19980-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
17336-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
20762-17086
3.0
2026-01-08T14:39:19
<p>Information published.</p>
1.0
2025-09-03T21:56:58
<p>Information published.</p>
2.0
2026-01-02T14:37:38
<p>Information published.</p>
HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6516
Heap-based Buffer Overflow
19980-17086
17741-17084
17336-17086
19980-17086
17741-17084
17336-17086
19980-17086
Moderate
17741-17084
Moderate
17336-17086
5.3
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P
19980-17086
5.3
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P
17741-17084
5.3
5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P
17336-17086
1.0
2025-09-03T22:29:38
<p>Information published.</p>
HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6818
Heap-based Buffer Overflow
19980-17086
17741-17084
17336-17086
20762-17086
20755-17084
19980-17086
17741-17084
17336-17086
20762-17086
20755-17084
19980-17086
Moderate
17741-17084
Moderate
17336-17086
Moderate
20762-17086
Moderate
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-03T23:20:07
<p>Information published.</p>
3.0
2025-12-20T01:37:18
<p>Information published.</p>
2.0
2025-12-16T01:36:57
<p>Information published.</p>
4.0
2026-01-02T14:37:55
<p>Information published.</p>
5.0
2026-01-08T14:39:53
<p>Information published.</p>
Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5915
Heap-based Buffer Overflow
19277-17084
19704-17086
20388-17086
20422-17084
19277-17084
19704-17086
20388-17086
20422-17084
19277-17084
19704-17086
Low
20388-17086
Low
20422-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19277-17084
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
19704-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20388-17086
3.9
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
20422-17084
CBL-Mariner Releases
19277-17084
20422-17084
No
Security Update
3.7.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
20422-17084
CBL-Mariner Releases
CBL-Mariner Releases
19704-17086
20388-17086
No
Security Update
3.6.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19704-17086
20388-17086
CBL-Mariner Releases
1.0
2025-09-03T23:53:33
<p>Information published.</p>
block: fix race between set_blocksize and read paths
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38073
20613-17084
17087-17086
19683-17084
20412-17084
20553-17084
20613-17084
17087-17086
19683-17084
20412-17084
20553-17084
Moderate
20613-17084
Moderate
17087-17086
19683-17084
Moderate
20412-17084
Moderate
20553-17084
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
20613-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
19683-17084
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
20412-17084
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
20553-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-09-04T00:52:22
<p>Information published.</p>
2.0
2025-11-18T01:38:32
<p>Information published.</p>
3.0
2025-12-07T01:41:22
<p>Information published.</p>
rseq: Fix segfault on registration when rseq_cs is non-zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38067
20412-17084
19683-17084
17087-17086
20412-17084
19683-17084
17087-17086
Moderate
20412-17084
19683-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
20412-17084
No
Security Update
6.6.104.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20412-17084
CBL-Mariner Releases
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
3.0
2026-02-24T14:37:05
<p>Information published.</p>
1.0
2025-09-04T01:00:44
<p>Information published.</p>
2.0
2025-12-19T01:01:30
<p>Information published.</p>
virtio: break and reset virtio devices on device_shutdown()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38064
19683-17084
20553-17084
20613-17084
20860-17084
20956-17084
21094-17084
21093-17086
21248-17084
21332-17084
20412-17084
17087-17086
20725-17084
20788-17084
20823-17084
20925-17086
21308-17084
21344-17084
19683-17084
20553-17084
20613-17084
20860-17084
20956-17084
21094-17084
21093-17086
21248-17084
21332-17084
20412-17084
17087-17086
20725-17084
20788-17084
20823-17084
20925-17086
21308-17084
21344-17084
19683-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
Moderate
21332-17084
Moderate
20412-17084
Moderate
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
21308-17084
Moderate
21344-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
19683-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20553-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20613-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20860-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20956-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
21248-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
21332-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20725-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20788-17084
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
6.7
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
21308-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
21344-17084
3.0
2025-12-07T01:41:42
<p>Information published.</p>
4.0
2026-01-08T14:38:32
<p>Information published.</p>
5.0
2026-01-20T14:51:16
<p>Information published.</p>
6.0
2026-02-18T14:47:58
<p>Information published.</p>
8.0
2026-03-04T14:45:41
<p>Information published.</p>
9.0
2026-03-31T15:19:18
<p>Information published.</p>
10.0
2026-04-29T14:56:50
<p>Information published.</p>
13.1
2026-05-22T01:44:59
<p>Information published.</p>
1.0
2025-09-04T01:11:55
<p>Information published.</p>
2.0
2025-11-18T01:38:27
<p>Information published.</p>
7.0
2026-03-03T14:36:24
<p>Information published.</p>
11.0
2026-05-06T14:50:40
<p>Information published.</p>
12.0
2026-05-11T01:48:43
<p>Information published.</p>
13.0
2026-05-17T14:49:42
<p>Information published.</p>
gpio: virtuser: fix potential out-of-bound write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38082
19529-17084
19529-17084
19529-17084
1.0
2025-09-04T01:55:27
<p>Information published.</p>
dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-38042
17087-17086
17085-17084
17087-17086
17085-17084
Moderate
17087-17086
Important
17085-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17085-17084
1.0
2025-09-04T02:03:55
<p>Information published.</p>
2.1
2026-02-18T01:52:20
<p>Information published.</p>
2.0
2025-11-25T01:37:05
<p>Information published.</p>
arm64: set UXN on swapper page tables
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-50230
20412-17084
17087-17086
21093-17086
19683-17084
20925-17086
20412-17084
17087-17086
21093-17086
19683-17084
20925-17086
Moderate
20412-17084
Moderate
17087-17086
Moderate
21093-17086
19683-17084
Moderate
20925-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-09-04T02:27:11
<p>Information published.</p>
2.0
2025-11-21T01:01:34
<p>Information published.</p>
2.1
2026-02-18T01:58:55
<p>Information published.</p>
3.0
2026-03-03T14:43:49
<p>Information published.</p>
4.0
2026-03-31T14:54:19
<p>Information published.</p>
GNU ncurses parse_entry.c postprocess_termcap stack-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-6141
Stack-based Buffer Overflow
19855-17084
19855-17084
Moderate
19855-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
19855-17084
CBL-Mariner Releases
19855-17084
No
Security Update
6.4-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19855-17084
CBL-Mariner Releases
1.0
2025-09-04T03:58:14
<p>Information published.</p>
2.0
2026-03-28T14:36:13
<p>Information published.</p>
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
CPANSec
Yes
CVE-2025-40914
Dependency on Vulnerable Third-Party Component
18110-17084
18102-17086
20341-17086
18110-17084
18102-17086
20341-17086
Critical
18110-17084
Critical
18102-17086
20341-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18110-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18102-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20341-17086
CBL-Mariner Releases
18110-17084
20341-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18110-17084
20341-17086
CBL-Mariner Releases
2.0
2026-02-18T02:22:44
<p>Information published.</p>
1.0
2025-09-04T04:05:27
<p>Information published.</p>
webpack-dev-server users' source code may be stolen when they access a malicious web site
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-30359
Exposed Dangerous Method or Function
19693-17084
19693-17084
Moderate
19693-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
19693-17084
1.1
2026-02-19T01:40:18
<p>Information published.</p>
1.0
2025-09-04T04:45:07
<p>Information published.</p>
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-30360
Origin Validation Error
19693-17084
19693-17084
Moderate
19693-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
19693-17084
1.0
2025-09-04T05:10:20
<p>Information published.</p>
1.1
2026-02-19T01:41:14
<p>Information published.</p>
net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY
Mariner
Linux
Yes
CVE-2022-50002
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-15T01:01:51
<p>Information published.</p>
2.0
2025-11-25T01:35:35
<p>Information published.</p>
dma-buf/dma-resv: check if the new fence is really later
Mariner
Linux
Yes
CVE-2022-49935
Use After Free
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Important
20925-17086
Important
21093-17086
Important
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-11-16T01:01:22
<p>Information published.</p>
2.0
2026-03-03T15:02:10
<p>Information published.</p>
3.0
2026-03-31T14:41:54
<p>Information published.</p>
bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO
Mariner
Linux
Yes
CVE-2022-49961
Out-of-bounds Read
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
17087-17086
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
21093-17086
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
20925-17086
1.0
2025-11-16T01:01:36
<p>Information published.</p>
2.0
2026-03-03T15:02:28
<p>Information published.</p>
3.0
2026-03-31T14:42:20
<p>Information published.</p>
USB: gadget: Fix use-after-free Read in usb_udc_uevent()
Mariner
Linux
Yes
CVE-2022-49980
Use After Free
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Important
20925-17086
Important
21093-17086
Important
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
3.0
2026-03-31T14:42:46
<p>Information published.</p>
1.0
2025-11-16T01:01:47
<p>Information published.</p>
2.0
2026-03-03T15:02:47
<p>Information published.</p>
mptcp: do not queue data on closed subflows
Mariner
Linux
Yes
CVE-2022-50070
17087-17086
17087-17086
Important
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2025-11-19T01:01:17
<p>Information published.</p>
2.0
2026-02-24T14:35:55
<p>Information published.</p>
mptcp: move subflow cleanup in mptcp_destroy_common()
Mariner
Linux
Yes
CVE-2022-50071
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-19T01:01:22
<p>Information published.</p>
3.0
2026-03-31T14:46:23
<p>Information published.</p>
2.0
2026-03-03T14:37:20
<p>Information published.</p>
Bluetooth: When HCI work queue is drained, only queue chained work
Mariner
Linux
Yes
CVE-2022-50166
Improper Locking
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-11-19T01:01:33
<p>Information published.</p>
3.0
2026-03-31T14:47:13
<p>Information published.</p>
2.0
2026-03-03T14:37:55
<p>Information published.</p>
bpf: fix potential 32-bit overflow when accessing ARRAY map element
Mariner
Linux
Yes
CVE-2022-50167
Integer Overflow or Wraparound
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-11-19T01:01:38
<p>Information published.</p>
3.0
2026-03-31T14:47:43
<p>Information published.</p>
2.0
2026-03-03T14:38:12
<p>Information published.</p>
ax25: fix incorrect dev_tracker usage
Mariner
Linux
Yes
CVE-2022-50163
17087-17086
17087-17086
Important
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-11-20T01:01:24
<p>Information published.</p>
2.0
2025-11-25T01:37:53
<p>Information published.</p>
ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock
Mariner
Linux
Yes
CVE-2022-50195
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-21T01:01:24
<p>Information published.</p>
2.0
2025-11-25T01:38:15
<p>Information published.</p>
KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
Mariner
Linux
Yes
CVE-2022-50224
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-21T01:01:30
<p>Information published.</p>
2.0
2026-03-03T14:43:30
<p>Information published.</p>
3.0
2026-03-31T14:53:56
<p>Information published.</p>
jq heap use after free vulnerability in f_strflocaltime
Mariner
GitHub_M
Yes
CVE-2025-49014
Use After Free
19612-17084
20607-17086
19612-17084
20607-17086
Moderate
19612-17084
Moderate
20607-17086
1.0
2025-12-31T01:01:30
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-47957
Use After Free
11762
11763
11952
11953
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Schannel Remote Code Execution Vulnerability
<p>Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to send a large number of messages.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker can exploit this vulnerability by sending malicious fragmented ClientHello messages to a target server that accepts Transport Layer Security (TLS) connections.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2025-29828
Missing Release of Memory after Effective Lifetime
11923
11924
12085
12086
12437
12242
12243
12244
12389
12390
12436
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Critical
11923
Critical
11924
Critical
12085
Critical
12086
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
.NET and Visual Studio Remote Code Execution Vulnerability
<p>Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.</p>
.NET and Visual Studio
Microsoft
Yes
CVE-2025-30399
Untrusted Search Path
12262
16787
12414
12415
12416
12432
12433
12434
12459
12271
12322
16767
Remote Code Execution
12262
Remote Code Execution
16787
Remote Code Execution
12414
Remote Code Execution
12415
Remote Code Execution
12416
Remote Code Execution
12432
Remote Code Execution
12433
Remote Code Execution
12434
Remote Code Execution
12459
Remote Code Execution
12271
Remote Code Execution
12322
Remote Code Execution
16767
Important
12262
Important
16787
Important
12414
Important
12415
Important
12416
Important
12432
Important
12433
Important
12434
Important
12459
Important
12271
Important
12322
Important
16767
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12262
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16787
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12414
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12415
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12416
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12432
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12433
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12434
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16767
Release Notes
https://github.com/PowerShell/Announcements/issues/77
12262
Maybe
7.4.11
https://github.com/PowerShell/Announcements/issues/77
12262
Release Notes
Release Notes
https://github.com/PowerShell/Announcements/issues/77
16787
Maybe
Security Update
7.5.2
https://github.com/PowerShell/Announcements/issues/77
16787
Release Notes
5061935
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
12414
12415
12416
Maybe
Security Update
8.0.17
https://support.microsoft.com/help/5061935
12414
12415
12416
5061935
5061936
https://dotnet.microsoft.com/en-us/download/dotnet/9.0
12432
12433
12434
Maybe
Security Update
9.0.6
https://support.microsoft.com/help/5061936
12432
12433
12434
5061936
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.9
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.22
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.16
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14
16767
Maybe
Security Update
17.14.5
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
16767
Release Notes
jony_juice
1.0
2025-06-10T00:00:00
<p>Information published.</p>
2.0
2025-07-08T00:00:00
<p>Revised the Security Updates table to include PowerShell 7.4 and PowerShell 7.5 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/77">https://github.com/PowerShell/Announcements/issues/77</a> for more information.</p>
Windows Remote Desktop Services Remote Code Execution Vulnerability
<p>Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p>
Windows Remote Desktop Services
Microsoft
Yes
CVE-2025-32710
Use After Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11571
11572
11923
11924
12437
12244
12436
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
12437
Critical
12244
Critical
12436
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
11924
5058500
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12436
5058497
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10816
10855
5058383
5061198
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061198
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23317
https://support.microsoft.com/help/5061198
9312
10287
9318
9344
5061198
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
ʌ!ɔ⊥ojv with Kunlun Lab
SmallerDragon
1.0
2025-06-10T00:00:00
<p>Information published. This CVE was addressed by updates that were released in May 2025, but the CVE was inadvertently omitted from the May 2025 Security Updates. This is an informational change only. Customers who have already installed the May 2025 updates do not need to take any further action.</p>
Win32k Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2025-32712
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2025-32713
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Seunghoe Kim with <a href="https://s2w.inc/">S2W Inc.</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Installer Elevation of Privilege Vulnerability
<p>Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Installer
Microsoft
Yes
CVE-2025-32714
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Simon Zuckerbraun of Trend Zero Day Initiative
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Remote Desktop Protocol Client Information Disclosure Vulnerability
<p>Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>An unauthorized attacker must wait for a user to initiate a connection.</p>
Remote Desktop Client
Microsoft
Yes
CVE-2025-32715
Out-of-bounds Read
12457
11568
11569
11571
11572
11849
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Information Disclosure
12457
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11849
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
12457
Important
11568
Important
11569
Important
11571
Important
11572
Important
11849
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12457
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11849
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
Release Notes
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Maybe
Security Update
2.0.505.0
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Release Notes
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
Release Notes
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1262780
11849
Maybe
Security Update
1.2.6278.0
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1262780
11849
Release Notes
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Fraunhofer FKIE CA&D
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Media Elevation of Privilege Vulnerability
<p>Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Media
Microsoft
Yes
CVE-2025-32716
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows SMB Client Elevation of Privilege Vulnerability
<p>Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SMB
Microsoft
Yes
CVE-2025-32718
Integer Overflow or Wraparound
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Genghis Karimov with Microsoft High-Availability Storage Group
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-32719
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-32720
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Recovery Driver Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious link and convince the user to open it.</p>
Windows Recovery Driver
Microsoft
Yes
CVE-2025-32721
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Port Driver Information Disclosure Vulnerability
<p>Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p>
Windows Storage Port Driver
Microsoft
Yes
CVE-2025-32722
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
<p>Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.</p>
Windows Local Security Authority Subsystem Service (LSASS)
Microsoft
Yes
CVE-2025-32724
Uncontrolled Resource Consumption
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://www.linkedin.com/in/or-yair">Or Yair</a> with <a href="https://www.safebreach.com/">SafeBreach</a>
<a href="https://www.linkedin.com/in/shahak-morag-6bb51b142/">Shahak Morag</a> with <a href="https://www.safebreach.com/">SafeBreach</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33058
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33059
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33060
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33061
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33062
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33063
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-33064
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33065
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-33066
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Task Scheduler Elevation of Privilege Vulnerability
<p>Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by capitalizing on the permissions handling flaw in the task scheduler that allows them, without privileges, to interact with certain scheduled tasks under specific conditions.</p>
Windows Kernel
Microsoft
Yes
CVE-2025-33067
Improper Privilege Management
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
Alexander Pudwill
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Installer Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Installer
Microsoft
Yes
CVE-2025-33075
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Simon Zuckerbraun of Trend Zero Day Initiative
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Shortcut Files Security Feature Bypass Vulnerability
<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to some loss of integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability.</p>
<p>In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality.</p>
<p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p>
Windows Shell
Microsoft
Yes
CVE-2025-47160
Protection Mechanism Failure
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11568
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11569
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11571
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11572
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11923
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11924
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11929
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11930
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11931
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12085
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12086
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12097
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12098
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12099
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12437
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12242
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12243
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12244
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12389
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12390
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12436
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10729
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10735
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10852
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10853
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10816
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10855
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10378
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10379
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10483
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-47162
Heap-based Buffer Overflow
11573
11574
11762
11763
11951
11952
11953
12155
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12155
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12155
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18925.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5002730
https://www.microsoft.com/en-us/download/details.aspx?id=108205
5002711
10753
10754
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002730
10753
10754
5002730
0x140ce
1.0
2025-06-10T00:00:00
<p>Information published.</p>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-47953
Improper Restriction of Names for Files and Other Resources
11573
11574
11762
11763
11951
11952
11953
12155
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12155
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12155
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18925.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5002730
https://www.microsoft.com/en-us/download/details.aspx?id=108205
5002711
10753
10754
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002730
10753
10754
5002730
0x140ce
1.0
2025-06-10T00:00:00
<p>Information published.</p>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
<p>Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Remote Access Connection Manager
Microsoft
Yes
CVE-2025-47955
Improper Privilege Management
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
11924
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5061198
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061198
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23317
https://support.microsoft.com/help/5061198
9312
10287
9318
9344
5061198
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Sergey Bliznyuk with Positive Technologies
1.0
2025-06-10T00:00:00
<p>Information published. This CVE was addressed by updates that were released in May 2025, but the CVE was inadvertently omitted from the May 2025 Security Updates. This is an informational change only. Customers who have already installed the May 2025 updates do not need to take any further action.</p>
Windows Security App Spoofing Vulnerability
<p>External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.</p>
<p><strong>Is more information available about Windows Security App?</strong></p>
<p>Yes, please see <a href="https://support.microsoft.com/en-us/windows/stay-protected-with-the-windows-security-app-2ae0363d-0ada-c064-8b56-6a39afb6a963">Stay Protected With the Windows Security App</a> for more information.</p>
<p><strong>How do I know if I'm protected from this vulnerability</strong></p>
<p>From the <strong>Start</strong> menu, type Windows Security and hit <strong>Enter</strong>. The Windows Security App will be displayed. Click on the <strong>Settings</strong> control and then click the <strong>About</strong> link. The current version will be displayed. See that your version is greater than or equal to 1000.27840.0.0.</p>
Windows Security App
Microsoft
Yes
CVE-2025-47956
External Control of File Name or Path
16766
Spoofing
16766
Important
16766
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16766
Information
16766
No
Security Update
1000.27840.1000.0
https://support.microsoft.com/en-us/windows/stay-protected-with-the-windows-security-app-2ae0363d-0ada-c064-8b56-6a39afb6a963
16766
Information
<a href="https://twitter.com/bohops">Jimmy Bayne of IBM X-Force</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
1.1
2025-07-11T00:00:00
<p>Corrected Article and Download entries in the Affected Products table. This is an informational change only.</p>
1.2
2025-07-15T00:00:00
<p>Updated FAQ information. This is an informational change only.</p>
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
<p>Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target.</p>
<p><strong>Are all Windows Servers affected by this vulnerability?</strong></p>
<p>This vulnerability only affects Windows Servers that are configured as a <a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/5bcebb8d-b747-4ee5-9453-428aec1c5c38">[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol</a> server. Domain controllers are not affected.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows KDC Proxy Service (KPSSVC)
Microsoft
Yes
CVE-2025-33071
Use After Free
11571
11572
11923
11924
12437
12244
12436
10816
10855
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
12437
Critical
12244
Critical
12436
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12436
5060841
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10816
10855
5061010
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
ʌ!ɔ⊥ojv with Kunlun Lab
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows SDK Elevation of Privilege Vulnerability
<p>Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.</p>
<p><strong>Is there more information that is available on Windows SDK?</strong></p>
<p>Yes. Please see: <a href="https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/">Windows SDK - Windows app development</a> which explains the Windows SDK and advises how to install and maintain the product.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SDK
Microsoft
Yes
CVE-2025-47962
Improper Access Control
16764
Elevation of Privilege
16764
Important
16764
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16764
Release Notes
https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
16764
Maybe
Security Update
10.0.26100.4188
https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
16764
Release Notes
<a href="https://x.com/im_whoisthatguy">whoisthatguy</a>
<a href="https://x.com/im_whoisthatguy">whoisthatguy</a>
Naor Hodorov
Kolja Grassmann with <a href="https://neodyme.io/en/">Neodyme AG</a>
Ken Kitahara with LAC Co., Ltd.
Ken Kitahara with LAC Co., Ltd.
<a href="https://x.com/g3tsyst3m">Robbie Corley</a>
Julian Härig
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Chromium: CVE-2025-5068 Use after free in Blink
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.62</td>
<td>6/3/2025</td>
<td>137.0.7151.68/.69</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5068
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-03T13:50:16
<p>Information published.</p>
Chromium: CVE-2025-5419 Out of bounds read and write in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2025-5419 exists in the wild.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.62</td>
<td>6/3/2025</td>
<td>137.0.7151.68/.69</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5419
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-03T13:50:13
<p>Information published.</p>
Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.</p>
Windows Hello
Microsoft
Yes
CVE-2025-47969
Exposure of Sensitive Information to an Unauthorized Actor
12085
12086
12437
12242
12243
12389
12390
12436
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
12085
Important
12086
Important
12437
Important
12242
Important
12243
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
12242
12243
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
12242
12243
5058405
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
<a href="https://x.com/_ethicalchaos_">Ceri Coburn</a> with <a href="https://www.netspi.com/">NetSPI</a>
1.0
2025-06-10T00:00:00
<p>Information published. This CVE was addressed by updates that were released in May 2025, but the CVE was inadvertently omitted from the May 2025 Security Updates. This is an informational change only. Customers who have already installed the May 2025 updates do not need to take any further action.</p>
Power Automate Elevation of Privilege Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Power Automate
Microsoft
No
CVE-2025-47966
Exposure of Sensitive Information to an Unauthorized Actor
12410
Elevation of Privilege
12410
Critical
12410
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12410
Felix B.
1.0
2025-06-05T00:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could exploit this vulnerability by crafting a malicious RTF file. If a user opens the file or it is rendered in the preview pane, the attacker could execute arbitrary code in the user's context.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-32717
Heap-based Buffer Overflow
11762
11763
Remote Code Execution
11762
Remote Code Execution
11763
Critical
11762
Critical
11763
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Chromium: CVE-2025-5959 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.83</td>
<td>6/13/2025</td>
<td>137.0.7151.103/.104</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5959
11655
11655
11655
Release Notes
11655
Maybe
Security Update
137.0.3296.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-13T00:00:13
<p>Information published.</p>
Chromium: CVE-2025-6192 Use after free in Profiler
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.93</td>
<td>6/19/2025</td>
<td>137.0.7151.119/.120</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-6192
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.93
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-19T08:24:26
<p>Information published.</p>
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
<p>Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Dynamics 365 FastTrack Implementation Assets
Microsoft
No
CVE-2025-49715
Exposure of Private Personal Information to an Unauthorized Actor
16783
Information Disclosure
16783
Critical
16783
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16783
Shay Berkovich with Wiz
1.0
2025-06-19T00:00:00
<p>Information published.</p>
1.1
2025-07-01T00:00:00
<p>Updated an acknowledgement. This is an informational change only.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-24068
Buffer Over-read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
nerty_nerty(Ingyu Yang), Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan
<a href="https://linkedin.com/in/dr-sr">Dan Reynolds</a> with MSRC Vulnerabilities & Mitigations
<a href="https://x.com/hpy_insu">insu</a> with Theori
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-24069
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
<a href="https://x.com/hpy_insu">insu</a> with Theori
nerty_nerty(Ingyu Yang), Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan
Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Ingyu Yang, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out of bounds read in the caller's address space memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-24065
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
nerty_nerty(Ingyu Yang), Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan
<a href="https://linkedin.com/in/dr-sr">Dan Reynolds</a> with MSRC Vulnerabilities & Mitigations
<a href="https://x.com/hpy_insu">insu</a> with Theori
<a href="https://x.com/hpy_insu">insu</a> with Theori
1.0
2025-06-10T00:00:00
<p>Information published.</p>
DHCP Server Service Denial of Service Vulnerability
<p>Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability.</p>
Windows DHCP Server
Microsoft
Yes
CVE-2025-32725
Protection Mechanism Failure
11571
11572
11923
11924
12437
12244
12436
10816
10855
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12437
Denial of Service
12244
Denial of Service
12436
Denial of Service
10816
Denial of Service
10855
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12436
5060841
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10816
10855
5061010
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
DHCP Server Service Denial of Service Vulnerability
<p>Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.</p>
Windows DHCP Server
Microsoft
Yes
CVE-2025-33050
Protection Mechanism Failure
11571
11572
11923
11924
12437
12244
12436
10816
10855
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12437
Denial of Service
12244
Denial of Service
12436
Denial of Service
10816
Denial of Service
10855
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12436
5060841
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10816
10855
5061010
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows DWM Core Library Information Disclosure Vulnerability
<p>Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized stack memory.</p>
Windows DWM Core Library
Microsoft
Yes
CVE-2025-33052
Use of Uninitialized Resource
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
Microsoft Offensive Research & Security Engineering (MORSE) with Microsoft
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Internet Shortcut Files Remote Code Execution Vulnerability
<p>External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.</p>
<p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p>
<p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p>
<p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
Internet Shortcut Files
Microsoft
Yes
CVE-2025-33053
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
8.8
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5060996
9312
10287
9318
9344
10051
10049
10483
10543
Yes
IE Cumulative
1
https://support.microsoft.com/help/5060996
9312
10287
9318
9344
10051
10049
10483
10543
5060996
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5060996
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060996
10378
10379
Yes
IE Cumulative
1.000
https://support.microsoft.com/help/5060996
10378
10379
5060996
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Alexandra Gofman and David Driker (Check Point Research)
1.0
2025-06-10T00:00:00
<p>Information published.</p>
1.1
2025-06-19T00:00:00
<p>Corrected the CVE description and title. This is an informational change only.</p>
Windows Storage Management Provider Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Storage Management Provider
Microsoft
Yes
CVE-2025-33055
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Ingyu Yang, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Local Security Authority (LSA) Denial of Service Vulnerability
<p>Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.</p>
Microsoft Local Security Authority Server (lsasrv)
Microsoft
Yes
CVE-2025-33056
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Local Security Authority (LSA) Denial of Service Vulnerability
<p>Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.</p>
Windows Local Security Authority (LSA)
Microsoft
Yes
CVE-2025-33057
NULL Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
<p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p>
Windows Standards-Based Storage Management Service
Microsoft
Yes
CVE-2025-33068
Uncontrolled Resource Consumption
11571
11572
11923
11924
12437
12436
10816
10855
10483
10543
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12437
Denial of Service
12436
Denial of Service
10816
Denial of Service
10855
Denial of Service
10483
Denial of Service
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12436
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12436
5060841
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10816
10855
5061010
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
<a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows App Control for Business Security Feature Bypass Vulnerability
<p>Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker can spoof the signature to get it to bypass App Control policy.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>
App Control for Business (WDAC)
Microsoft
Yes
CVE-2025-33069
Improper Verification of Cryptographic Signature
12437
12389
12390
12436
Security Feature Bypass
12437
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Important
12437
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.1
4.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12437
5.1
4.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12389
5.1
4.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12390
5.1
4.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12436
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
Christopher Whipp with Services Australia
<a href="https://www.linkedin.com/in/mingda-li-470b7b90">Mingda Li</a> with <a href="https://www.dow.com/en-us">Dow</a>
1.1
2025-07-09T00:00:00
<p>Added acknowledgements. This is an informational change only.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows Netlogon Elevation of Privilege Vulnerability
<p>Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p>
<p><strong>How an attacker exploit this vulnerability?</strong></p>
<p>The attacker could exploit the vulnerability by sending specially crafted authentication requests to the domain controller.</p>
Windows Netlogon
Microsoft
Yes
CVE-2025-33070
Use of Uninitialized Resource
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Windows SMB Client Elevation of Privilege Vulnerability
<p>Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker could execute a specially crafted script to coerce the victim machine to connect back to the attacker’s SMB Server using SMB and authenticate. This could result in elevation of privilege.</p>
Windows SMB
Microsoft
Yes
CVE-2025-33073
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11572
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11923
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11924
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11929
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11930
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11931
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12085
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12086
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12097
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12098
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12099
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12437
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12242
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12243
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12244
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12389
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12390
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12436
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10855
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9312
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10287
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9318
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9344
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10051
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10049
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10378
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10379
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10483
8.8
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061026
5058449
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23351
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061026
5061026
https://support.microsoft.com/help/5061026
9312
10287
9318
9344
5061072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23351
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061072
5061072
https://support.microsoft.com/help/5061072
9312
10287
9318
9344
5061078
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061078
5058430
10051
10049
Yes
Monthly Rollup
6.1.7601.27769
https://support.microsoft.com/help/5061078
10051
10049
5061078
5061036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061036
10051
10049
Yes
Security Only
6.1.7601.27769
https://support.microsoft.com/help/5061036
10051
10049
5061036
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
James Forshaw of Google Project Zero
<a href="https://www.redteam-pentesting.de/">RedTeam Pentesting GmbH</a>
Stefan Walter and Daniel Isern with <a href="https://www.syss.de/">SySS GmbH</a>
Ahamada M'Bamba (h1roki)
<a href="https://linkedin.com/cameron-stish">Cameron Stish</a> with <a href="https://www.guidepointsecurity.com/">GuidePoint Security</a>
<a href="https://twitter.com/wil_fri3d">Wilfried Bécard</a> with <a href="https://www.synacktiv.com/">Synacktiv</a>
Keisuke Hirata with <a href="https://www.crowdstrike.com/">CrowdStrike</a>
1.1
2025-06-11T00:00:00
<p>Acknowledgement added. This is an informational change only.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-47163
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002732
https://www.microsoft.com/en-us/download/details.aspx?id=108208
5002722
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002732
10950
5002732
5002729
https://www.microsoft.com/en-us/download/details.aspx?id=108206
5002708
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002729
11585
5002729
5002736
https://www.microsoft.com/en-us/download/details.aspx?id=108210
5002709
11961
Maybe
Security Update
16.0.18526.20396
https://support.microsoft.com/help/5002736
11961
5002736
5002736
https://support.microsoft.com/help/5002736
11961
<a href="https://github.com/zcgonvh">zcgonvh</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-47164
Use After Free
11573
11574
11762
11763
11951
11952
11953
12155
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12155
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12155
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18925.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5002730
https://www.microsoft.com/en-us/download/details.aspx?id=108205
5002711
10753
10754
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002730
10753
10754
5002730
0x140ce
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-47165
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002728
https://www.microsoft.com/en-us/download/details.aspx?id=108204
5002707
10836
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002728
10836
5002728
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002735
https://www.microsoft.com/en-us/download/details.aspx?id=108213
5002717
10739
10740
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002735
10739
10740
5002735
5002735
https://support.microsoft.com/help/5002735
10739
10740
0x140ce
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-47166
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002732
https://www.microsoft.com/en-us/download/details.aspx?id=108208
5002722
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002732
10950
5002732
5002729
https://www.microsoft.com/en-us/download/details.aspx?id=108206
5002708
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002729
11585
5002729
5002736
https://www.microsoft.com/en-us/download/details.aspx?id=108210
5002709
11961
Maybe
Security Update
16.0.18526.20396
https://support.microsoft.com/help/5002736
11961
5002736
5002736
https://support.microsoft.com/help/5002736
11961
<a href="https://github.com/zcgonvh">zcgonvh's cat Vanilla</a>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-47167
Access of Resource Using Incompatible Type ('Type Confusion')
11573
11574
11762
11763
11951
11952
11953
12155
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12155
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12155
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18925.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5002616
https://www.microsoft.com/en-us/download/details.aspx?id=108211
4493154
10753
10754
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002616
10753
10754
5002616
0x140ce
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-47168
Use After Free
10950
11585
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Important
10950
Important
11585
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
5002732
https://www.microsoft.com/en-us/download/details.aspx?id=108208
5002722
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002732
10950
5002732
5002731
https://www.microsoft.com/en-us/download/details.aspx?id=108215
5002712
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002731
10950
5002731
5002729
https://www.microsoft.com/en-us/download/details.aspx?id=108206
5002708
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002729
11585
5002729
5002727
https://www.microsoft.com/en-us/download/details.aspx?id=108207
5002706
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002727
11585
5002727
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002710
https://www.microsoft.com/en-us/download/details.aspx?id=108209
5002702
10746
10747
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002710
10746
10747
5002710
cdbb6164ddfda2b210fd348442322115
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-47169
Heap-based Buffer Overflow
10950
11585
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Important
10950
Important
11585
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
5002732
https://www.microsoft.com/en-us/download/details.aspx?id=108208
5002722
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002732
10950
5002732
5002731
https://www.microsoft.com/en-us/download/details.aspx?id=108215
5002712
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002731
10950
5002731
5002729
https://www.microsoft.com/en-us/download/details.aspx?id=108206
5002708
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002729
11585
5002729
5002727
https://www.microsoft.com/en-us/download/details.aspx?id=108207
5002706
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002727
11585
5002727
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002710
https://www.microsoft.com/en-us/download/details.aspx?id=108209
5002702
10746
10747
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002710
10746
10747
5002710
cdbb6164ddfda2b210fd348442322115
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-47170
Use After Free
11762
11763
12420
12421
12440
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Important
11762
Important
11763
Important
12420
Important
12421
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
12440
Release Notes
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Outlook Remote Code Execution Vulnerability
<p>Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into opening malicious files.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>To successfully exploit this vulnerability, an attacker would need to gain elevated privileges enabling them to perform file operations in directories they would not normally be able to access or perform.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Outlook
Microsoft
Yes
CVE-2025-47171
Improper Input Validation
11573
11574
11762
11763
11952
11953
12420
12421
10765
10766
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
10765
Remote Code Execution
10766
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10765
Important
10766
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10765
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10766
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002683
https://www.microsoft.com/en-us/download/details.aspx?id=108212
5002656
10765
10766
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002683
10765
10766
5002683
5002683
https://support.microsoft.com/help/5002683
10765
10766
<a href="https://www.linkedin.com/in/arnoldosipov/">Arnold Osipov</a> with <a href="https://www.morphisec.com/">Morphisec</a>
<a href="https://www.linkedin.com/in/shmuel-uzan-aa21ab158/">Shmuel Uzan</a> with <a href="https://www.morphisec.com/">Morphisec</a>
<a href="https://www.linkedin.com/in/smgoreli/">Michael Gorelik</a> with <a href="https://www.morphisec.com/">Morphisec</a>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-47172
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Critical
10950
Critical
11585
Critical
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002732
https://www.microsoft.com/en-us/download/details.aspx?id=108208
5002722
10950
Maybe
Security Update
16.0.5504.1001
https://support.microsoft.com/help/5002732
10950
5002732
5002729
https://www.microsoft.com/en-us/download/details.aspx?id=108206
5002708
11585
Maybe
Security Update
16.0.10417.20018
https://support.microsoft.com/help/5002729
11585
5002729
5002736
https://www.microsoft.com/en-us/download/details.aspx?id=108210
5002709
11961
Maybe
Security Update
16.0.18526.20396
https://support.microsoft.com/help/5002736
11961
5002736
5002736
https://support.microsoft.com/help/5002736
11961
Railgun with Kunlun Lab & Zhiniang Peng with HUST
1.1
2025-06-11T00:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-47173
Improper Restriction of Names for Files and Other Resources
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002730
https://www.microsoft.com/en-us/download/details.aspx?id=108205
5002711
10753
10754
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002730
10753
10754
5002730
<a href="https://www.linkedin.com/in/arnoldosipov/">Arnold Osipov</a> with <a href="https://www.morphisec.com/">Morphisec</a>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-47174
Heap-based Buffer Overflow
11762
11763
11952
11953
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
wh1tc with Kunlun Lab & Zhiniang Peng with HUST
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft PowerPoint Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office PowerPoint
Microsoft
Yes
CVE-2025-47175
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10741
10742
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10741
Remote Code Execution
10742
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10741
Important
10742
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10741
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10742
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.98.25060824
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002689
https://www.microsoft.com/en-us/download/details.aspx?id=108214
5002586
10741
10742
Maybe
Security Update
16.0.5504.1000
https://support.microsoft.com/help/5002689
10741
10742
5002689
0x140ce
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft Outlook Remote Code Execution Vulnerability
<p>'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>Are the updates for the Microsoft 365 for Office currently available?</strong></p>
<p>The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Outlook
Microsoft
Yes
CVE-2025-47176
Path Traversal: '.../...//'
11762
11763
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
12420
12421
Click to Run
<a href="https://www.linkedin.com/in/arnoldosipov/">Arnold Osipov</a> with <a href="https://www.morphisec.com/">Morphisec</a>
<a href="https://www.linkedin.com/in/smgoreli/">Michael Gorelik</a> with <a href="https://www.morphisec.com/">Morphisec</a>
<a href="https://www.linkedin.com/in/shmuel-uzan-aa21ab158/">Shmuel Uzan</a> with <a href="https://www.morphisec.com/">Morphisec</a>
2.0
2025-06-10T00:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">Release Notes</a> for more information.</p>
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass
<p>Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>
<p><strong>Why is this CERT/CC CVE included in the Security Update Guide?</strong></p>
<p>A vulnerability exists in a UEFI application signed with a Microsoft third-party UEFI certificate, which allows an attacker to bypass UEFI Secure Boot. CERT/CC assigned a CVE ID for this vulnerability which all vendors are using for their affected products.</p>
Windows Secure Boot
CERT/CC
Yes
CVE-2025-3052
Untrusted Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5060531
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531
5058392
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7434
https://support.microsoft.com/help/5060531
11568
11569
11571
11572
5060531
5060526
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526
5058385
11923
11924
Yes
Security Update
10.0.20348.3807
https://support.microsoft.com/help/5060526
11923
11924
5060526
5060525
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060525
5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3745
https://support.microsoft.com/help/5060525
11923
11924
5060525
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
11929
11930
11931
Yes
Security Update
10.0.19044.5965
https://support.microsoft.com/help/5060533
11929
11930
11931
5060533
5060533
https://support.microsoft.com/help/5060533
11929
11930
11931
12097
12098
12099
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12085
12086
Yes
Security Update
10.0.22621.5472
https://support.microsoft.com/help/5060999
12085
12086
5060999
5060999
https://support.microsoft.com/help/5060999
12085
12086
12242
12243
5060533
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060533
5058379
12097
12098
12099
Yes
Security Update
10.0.19045.5965
https://support.microsoft.com/help/5060533
12097
12098
12099
5060533
5060842
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842
5058411
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4349
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060842
5060842
https://support.microsoft.com/help/5060842
12437
12389
12390
12436
5060841
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060841
5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.4270
https://support.microsoft.com/help/5060841
12437
12389
12390
12436
5060841
5060999
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999
5058405
12242
12243
Yes
Security Update
10.0.22631.5472
https://support.microsoft.com/help/5060999
12242
12243
5060999
5060118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060118
5058384
12244
Yes
Security Update
10.0.25398.1665
https://support.microsoft.com/help/5060118
12244
5060118
5060998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998
5058387
10729
10735
Yes
Security Update
10.0.10240.21034
https://support.microsoft.com/help/5060998
10729
10735
5060998
5061010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010
5058383
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8148
https://support.microsoft.com/help/5061010
10852
10853
10816
10855
5061010
5061059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059
5058451
10378
10379
Yes
Monthly Rollup
6.2.9200.25522
https://support.microsoft.com/help/5061059
10378
10379
5061059
5061018
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018
5058403
10483
10543
Yes
Monthly Rollup
6.3.9600.22620
https://support.microsoft.com/help/5061018
10483
10543
5061018
Binarly REsearch [alex@binarly.io] Binarly
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Visual Studio Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires that the target system be set up in a specific manner and the attacker to have knowledge of that setup.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with standard user privileges could place a malicious file in an online directory or in a local network location and then wait for the user to run the file.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.</p>
Visual Studio
Microsoft
Yes
CVE-2025-47959
Improper Neutralization of Special Elements used in a Command ('Command Injection')
12459
12271
12322
16767
Remote Code Execution
12459
Remote Code Execution
12271
Remote Code Execution
12322
Remote Code Execution
16767
Important
12459
Important
12271
Important
12322
Important
16767
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.1
6.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
7.1
6.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
7.1
6.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
7.1
6.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16767
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.9
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.22
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.16
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14
16767
Maybe
Security Update
17.14.5
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
16767
Release Notes
Nitesh Surana (@_niteshsurana) & Nelson William Gamazo Sanchez of Trend Micro Research with Trend Zero Day Initiative
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
<p>Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain ROOT privileges.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>A user can download an installer and before the user runs the installer, the attacker could replace it with a malicious installer. When the victim runs the malicious installer the attacker could elevate their privileges.</p>
Microsoft AutoUpdate (MAU)
Microsoft
Yes
CVE-2025-47968
Improper Input Validation
10949
Elevation of Privilege
10949
Important
10949
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10949
MAU
https://go.microsoft.com/fwlink/p/?linkid=830196
10949
Maybe
Security Update
4.79
https://support.office.com/en-us/article/Check-for-Office-for-Mac-updates-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1
10949
MAU
Anonymous
1.0
2025-06-10T00:00:00
<p>Information published.</p>
Nuance Digital Engagement Platform Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p>
<p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p>
<p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p>
<p>Affected customers need to enable the <strong>Block XSS</strong> field in the configurations setting for their program to prevent JavaScript injection. All affected customers have been notified by the Nuance team to make this update.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user to open a specially crafted link.</p>
<p>An attacker would have no way to force users to click the link. Instead, an attacker would have to convince users to click the link through social engineering.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p>
Nuance Digital Engagement Platform
Microsoft
Yes
CVE-2025-47977
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
16781
Spoofing
16781
Important
16781
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.2
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
16781
Release Notes
https://docs.nuance.com/digital-engagement/ReleaseNotes/ReleaseNotes-5.64.x.html
16781
Maybe
Security Update
5.64.x
https://docs.nuance.com/digital-engagement/ReleaseNotes/ReleaseNotes-5.64.x.html?Highlight=XSS
16781
Release Notes
rushbruh
rushbruh
1.0
2025-06-10T00:00:00
<p>Information published.</p>
1.1
2025-06-12T00:00:00
<p>Updated the CVSS score and corrected FAQs. This is an informational change only.</p>
Chromium: CVE-2025-5958 Use after free in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.83</td>
<td>6/13/2025</td>
<td>137.0.7151.103/.104</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5958
11655
11655
11655
Release Notes
11655
Maybe
Security Update
137.0.3296.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-13T00:00:12
<p>Information published.</p>
Chromium: CVE-2025-6191 Integer overflow in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.93</td>
<td>6/19/2025</td>
<td>137.0.7151.119/.120</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-6191
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.93
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-19T08:24:24
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p>Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>To successfully exploit this vulnerability, an attacker would need existing ability to execute Javascript in the impacted process.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>138.0.3351.55</td>
<td>6/26/2025</td>
<td>138.0.7204.49/.50</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-47182
Improper Input Validation
11655
Security Feature Bypass
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
138.0.3351.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
raven at Kunlun Lab
1.0
2025-06-26T00:00:00
<p>Information published.</p>
Chromium: CVE-2025-6555 Use after free in Animation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>138.0.3351.55</td>
<td>6/26/2025</td>
<td>138.0.7204.49/.50</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-6555
11655
11655
11655
Release Notes
11655
No
Security Update
138.0.3351.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-26T00:00:50
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>The Edge browser's tab-splitting feature, which allows users to browse two tabs simultaneously, only displays the domain prefix in the address bars instead of the full URL. This behavior can lead to phishing vulnerabilities, as attackers could exploit it to make malicious websites appear legitimate by mimicking trusted domain names.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>138.0.3351.55</td>
<td>6/26/2025</td>
<td>138.0.7204.49/.50</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-47964
User Interface (UI) Misrepresentation of Critical Information
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
138.0.3351.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://www.linkedin.com/in/barathstalin/">Barath Stalin K</a>
1.0
2025-06-26T00:00:00
<p>Information published.</p>
Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>138.0.3351.55</td>
<td>6/26/2025</td>
<td>138.0.7204.49/.50</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-6556
11655
11655
11655
Release Notes
11655
No
Security Update
138.0.3351.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-26T00:00:54
<p>Information published.</p>
Chromium: CVE-2025-6557 Insufficient data validation in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>138.0.3351.55</td>
<td>6/26/2025</td>
<td>138.0.7204.49/.50</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-6557
11655
11655
11655
Release Notes
11655
No
Security Update
138.0.3351.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-06-26T00:00:55
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p>No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p>
<p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>138.0.3351.55</td>
<td>6/26/2025</td>
<td>138.0.7204.49/.50</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-47963
User Interface (UI) Misrepresentation of Critical Information
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
6.3
5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
138.0.3351.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Puf
1.0
2025-06-26T00:00:00
<p>Information published.</p>
M365 Copilot Information Disclosure Vulnerability
<p>Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
M365 Copilot
Microsoft
No
CVE-2025-32711
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
16765
Information Disclosure
16765
Critical
16765
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.3
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
16765
Aim Labs (Part of Aim Security)
<a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft
1.0
2025-06-11T07:00:00
<p>Information published.</p>
1.1
2025-06-17T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
1.2
2026-02-20T08:00:00
<p>Updated CWE value. This is an informational change only.</p>