March 2025 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2025-Mar
2025-Mar
Final
1.0
343
2026-05-17T14:49:15
March 2025 Security Updates
2025-03-11T07:00:00
2026-05-17T14:49:15
<h2 id="this-release-consists-of-the-following-65-microsoft-cves">This release consists of the following 65 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Windows exFAT File System</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21180">CVE-2025-21180</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Agent Installer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21199">CVE-2025-21199</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows MapUrlToZone</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21247">CVE-2025-21247</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Health Bot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21384">CVE-2025-21384</a></td>
<td>8.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035">CVE-2025-24035</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>.NET</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24043">CVE-2025-24043</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32 Kernel Subsystem</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24044">CVE-2025-24044</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045">CVE-2025-24045</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Streaming Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24046">CVE-2025-24046</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Role: Windows Hyper-V</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24048">CVE-2025-24048</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure CLI</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24049">CVE-2025-24049</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Role: Windows Hyper-V</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24050">CVE-2025-24050</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24051">CVE-2025-24051</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dataverse</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24053">CVE-2025-24053</a></td>
<td>7.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTLM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24054">CVE-2025-24054</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows USB Video Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24055">CVE-2025-24055</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24056">CVE-2025-24056</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24057">CVE-2025-24057</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24059">CVE-2025-24059</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Mark of the Web (MOTW)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24061">CVE-2025-24061</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Role: DNS Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24064">CVE-2025-24064</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel-Mode Drivers</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24066">CVE-2025-24066</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Streaming Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24067">CVE-2025-24067</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>ASP.NET Core & Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24070">CVE-2025-24070</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows File Explorer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24071">CVE-2025-24071</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Local Security Authority Server (lsasrv)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24072">CVE-2025-24072</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24075">CVE-2025-24075</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cross Device Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24076">CVE-2025-24076</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24077">CVE-2025-24077</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24078">CVE-2025-24078</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24079">CVE-2025-24079</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24080">CVE-2025-24080</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24081">CVE-2025-24081</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24082">CVE-2025-24082</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24083">CVE-2025-24083</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Subsystem for Linux</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24084">CVE-2025-24084</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32 Kernel Subsystem</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983">CVE-2025-24983</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984">CVE-2025-24984</a></td>
<td>4.6</td>
<td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Fast FAT Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985">CVE-2025-24985</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure PromptFlow</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24986">CVE-2025-24986</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows USB Video Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24987">CVE-2025-24987</a></td>
<td>6.6</td>
<td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows USB Video Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24988">CVE-2025-24988</a></td>
<td>6.6</td>
<td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991">CVE-2025-24991</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24992">CVE-2025-24992</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993">CVE-2025-24993</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cross Device Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24994">CVE-2025-24994</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Kernel Streaming WOW Thunk Service Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24995">CVE-2025-24995</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTLM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24996">CVE-2025-24996</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel Memory</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24997">CVE-2025-24997</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24998">CVE-2025-24998</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25003">CVE-2025-25003</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Windows</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25008">CVE-2025-25008</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Arc</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26627">CVE-2025-26627</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26629">CVE-2025-26629</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Access</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26630">CVE-2025-26630</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26631">CVE-2025-26631</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Management Console</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633">CVE-2025-26633</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Core Messaging</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26634">CVE-2025-26634</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26643">CVE-2025-26643</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Client</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26645">CVE-2025-26645</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Playwright</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26683">CVE-2025-26683</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29795">CVE-2025-29795</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29806">CVE-2025-29806</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dataverse</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29807">CVE-2025-29807</a></td>
<td>8.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Partner Center</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29814">CVE-2025-29814</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-22-non-microsoft-cves">We are republishing 22 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Synaptics, Inc.</td>
<td>Microsoft Windows</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-9157">CVE-2024-9157</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Kubernetes</td>
<td>Microsoft Azure Kubernetes Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1097">CVE-2025-1097</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Kubernetes</td>
<td>Microsoft Azure Kubernetes Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1098">CVE-2025-1098</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1914">CVE-2025-1914</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1915">CVE-2025-1915</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1916">CVE-2025-1916</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1917">CVE-2025-1917</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1918">CVE-2025-1918</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1919">CVE-2025-1919</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1920">CVE-2025-1920</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1921">CVE-2025-1921</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1922">CVE-2025-1922</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1923">CVE-2025-1923</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Kubernetes</td>
<td>Microsoft Azure Kubernetes Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-1974">CVE-2025-1974</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-2135">CVE-2025-2135</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-2136">CVE-2025-2136</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-2137">CVE-2025-2137</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24201">CVE-2025-24201</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Kubernetes</td>
<td>Microsoft Azure Kubernetes Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24513">CVE-2025-24513</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Kubernetes</td>
<td>Microsoft Azure Kubernetes Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24514">CVE-2025-24514</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-2476">CVE-2025-2476</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-2783">CVE-2025-2783</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5053596">5053596</a></td>
<td>Windows 10, version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5053598">5053598</a></td>
<td>Windows 11, version 24H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5053599">5053599</a></td>
<td>Windows Server 2022, 23H2 Edition (Server Core installation)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5053602">5053602</a></td>
<td>Windows 11, version 22H2, Windows 11, version 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5053606">5053606</a></td>
<td>Windows 10, version 21H2, Windows 10, version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5053888">5053888</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5053995">5053995</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Azure Kubernetes Service
Azure promptflow-core
Azure promptflow-tools
Microsoft Partner Center
Azure Playwright
Azure Health Bot
Azure Agent for Site Recovery
Azure Agent for Backup
Azure CLI
Azure ARC
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows App Client for Windows Desktop
Remote Desktop client for Windows Desktop
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
WinDbg
ASP.NET Core 8.0
ASP.NET Core 9.0
Microsoft Visual Studio 2022 version 17.12
Microsoft Visual Studio 2022 version 17.13
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Visual Studio Code
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2024
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Office Online Server
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Edge (Chromium-based)
Microsoft Edge Update Setup
Microsoft Dataverse
cbl2 freetype 2.13.1-1 on CBL Mariner 2.0
cbl2 vim 9.1.1198-1 on CBL Mariner 2.0
azl3 vim 9.1.1198-1 on Azure Linux 3.0
azl3 vim 9.1.1164-1 on Azure Linux 3.0
azl3 vim 9.1.0791-4 on Azure Linux 3.0
cbl2 vim 9.1.1164-1 on CBL Mariner 2.0
cbl2 freetype 2.13.0-1 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-16 on CBL Mariner 2.0
cbl2 vim 9.1.0791-4 on CBL Mariner 2.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code
Microsoft Edge (Chromium-based)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Remote Desktop client for Windows Desktop
Azure Kubernetes Service
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Azure ARC
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Azure CLI
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
ASP.NET Core 8.0
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Microsoft Dataverse
Azure Linux 3.0 x64
Azure Linux 3.0 ARM
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Azure Health Bot
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Partner Center
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Windows App Client for Windows Desktop
Microsoft Visual Studio 2022 version 17.12
Microsoft Edge Update Setup
Azure Agent for Site Recovery
WinDbg
Microsoft Visual Studio 2022 version 17.13
ASP.NET Core 9.0
Azure promptflow-core
Azure promptflow-tools
Azure Agent for Backup
Azure Playwright
cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0
cbl2 cmake 3.21.4-17 on CBL Mariner 2.0
cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0
cbl2 kernel 5.15.179.1-1 on CBL Mariner 2.0
cbl2 php 8.1.31-1 on CBL Mariner 2.0
cbl2 telegraf 1.29.4-14 on CBL Mariner 2.0
cbl2 azcopy 10.25.1-4 on CBL Mariner 2.0
cbl2 etcd 3.5.21-1 on CBL Mariner 2.0
cbl2 packer 1.9.5-11 on CBL Mariner 2.0
cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0
azl3 qemu 8.2.0-16 on Azure Linux 3.0
azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0
azl3 cmake 3.30.3-6 on Azure Linux 3.0
azl3 kernel 6.6.82.1-1 on Azure Linux 3.0
azl3 containerd2 2.0.0-8 on Azure Linux 3.0
azl3 containerd 1.7.13-8 on Azure Linux 3.0
azl3 libxslt 1.1.43-1 on Azure Linux 3.0
azl3 expat 2.6.4-1 on Azure Linux 3.0
azl3 kernel 6.6.78.1-3 on Azure Linux 3.0
azl3 packer 1.9.5-7 on Azure Linux 3.0
azl3 vitess 19.0.4-7 on Azure Linux 3.0
azl3 php 8.3.14-1 on Azure Linux 3.0
azl3 etcd 3.5.18-1 on Azure Linux 3.0
azl3 prometheus 2.45.4-12 on Azure Linux 3.0
azl3 telegraf 1.31.0-6 on Azure Linux 3.0
azl3 keda 2.14.1-6 on Azure Linux 3.0
azl3 influxdb 2.7.5-3 on Azure Linux 3.0
azl3 packer 1.9.5-8 on Azure Linux 3.0
azl3 azcopy 10.25.1-4 on Azure Linux 3.0
azl3 python3 3.12.9-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 hdf5 1.14.4.3-1 on Azure Linux 3.0
cbl2 freetype 2.13.0-1 on CBL Mariner 2.0
cbl2 terraform 1.3.2-25 on CBL Mariner 2.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
cbl2 php 8.1.32-1 on CBL Mariner 2.0
azl3 docker-buildx 0.14.0-5 on Azure Linux 3.0
azl3 vim 9.1.0791-4 on Azure Linux 3.0
azl3 php 8.3.19-1 on Azure Linux 3.0
azl3 keras 3.3.3-2 on Azure Linux 3.0
azl3 libarchive 3.7.7-2 on Azure Linux 3.0
azl3 mariadb 10.11.11-1 on Azure Linux 3.0
cbl2 vitess 17.0.7-7 on CBL Mariner 2.0
azl3 git-lfs 3.6.1-2 on Azure Linux 3.0
azl3 vitess 19.0.4-6 on Azure Linux 3.0
azl3 prometheus-node-exporter 1.7.0-3 on Azure Linux 3.0
azl3 prometheus-process-exporter 0.8.2-2 on Azure Linux 3.0
azl3 packer 1.9.5-9 on Azure Linux 3.0
azl3 kubernetes 1.30.10-7 on Azure Linux 3.0
azl3 ig 0.37.0-4 on Azure Linux 3.0
azl3 telegraf 1.31.0-10 on Azure Linux 3.0
azl3 influxdb 2.7.5-5 on Azure Linux 3.0
azl3 keda 2.14.1-7 on Azure Linux 3.0
azl3 cifs-utils 7.3-1 on Azure Linux 3.0
cbl2 libarchive 3.6.1-5 on CBL Mariner 2.0
azl3 augeas 1.12.0-6 on Azure Linux 3.0
azl3 erlang 26.2.5.9-1 on Azure Linux 3.0
azl3 ruby 3.3.5-3 on Azure Linux 3.0
cbl2 freetype 2.13.1-1 on CBL Mariner 2.0
cbl2 vim 9.1.1164-1 on CBL Mariner 2.0
azl3 vim 9.1.1164-1 on Azure Linux 3.0
cbl2 nodejs18 18.20.3-5 on CBL Mariner 2.0
cbl2 python-jinja2 3.0.3-6 on CBL Mariner 2.0
azl3 nodejs 20.14.0-7 on Azure Linux 3.0
azl3 python-jinja2 3.1.2-3 on Azure Linux 3.0
azl3 pytorch 2.2.2-7 on Azure Linux 3.0
cbl2 vim 9.1.1198-1 on CBL Mariner 2.0
azl3 vim 9.1.1198-1 on Azure Linux 3.0
cbl2 coredns 1.11.1-17 on CBL Mariner 2.0
azl3 coredns 1.11.4-4 on Azure Linux 3.0
azl3 keda 2.14.1-4 on Azure Linux 3.0
azl3 ig 0.37.0-3 on Azure Linux 3.0
azl3 keda 2.14.1-5 on Azure Linux 3.0
cbl2 packer 1.9.5-12 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-16 on CBL Mariner 2.0
cbl2 telegraf 1.29.4-13 on CBL Mariner 2.0
cbl2 cert-manager 1.11.2-21 on CBL Mariner 2.0
cbl2 prometheus 2.37.9-3 on CBL Mariner 2.0
cbl2 coredns 1.11.1-16 on CBL Mariner 2.0
cbl2 terraform 1.3.2-24 on CBL Mariner 2.0
cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0
azl3 kubernetes 1.30.10-4 on Azure Linux 3.0
azl3 telegraf 1.31.0-7 on Azure Linux 3.0
azl3 application-gateway-kubernetes-ingress 1.7.7-2 on Azure Linux 3.0
azl3 moby-engine 25.0.3-12 on Azure Linux 3.0
azl3 coredns 1.11.4-5 on Azure Linux 3.0
azl3 blobfuse2 2.3.2-2 on Azure Linux 3.0
azl3 azcopy 10.25.1-3 on Azure Linux 3.0
azl3 etcd 3.5.21-1 on Azure Linux 3.0
azl3 cert-manager 1.12.15-3 on Azure Linux 3.0
azl3 prometheus 2.45.4-9 on Azure Linux 3.0
azl3 flannel 0.24.2-12 on Azure Linux 3.0
cbl2 erlang 25.2-4 on CBL Mariner 2.0
azl3 erlang 26.2.5.10-1 on Azure Linux 3.0
azl3 rabbitmq-server 3.13.7-2 on Azure Linux 3.0
azl3 qtbase 6.6.3-3 on Azure Linux 3.0
azl3 kernel 6.6.92.2-1 on Azure Linux 3.0
azl3 grub2 2.06-24 on Azure Linux 3.0
azl3 nodejs 20.14.0-8 on Azure Linux 3.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 golang 1.23.9-1 on Azure Linux 3.0
cbl2 python3 3.9.19-13 on CBL Mariner 2.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 vitess 17.0.7-8 on CBL Mariner 2.0
cbl2 libarchive 3.6.1-6 on CBL Mariner 2.0
cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
cbl2 prometheus 2.37.9-4 on CBL Mariner 2.0
cbl2 ruby 3.1.4-9 on CBL Mariner 2.0
azl3 moby-engine 25.0.3-13 on Azure Linux 3.0
cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0
cbl2 edk2 20230301gitf80f052277c8-42 on CBL Mariner 2.0
azl3 kernel 6.6.85.1-4 on Azure Linux 3.0
cbl2 vim 9.1.0791-4 on CBL Mariner 2.0
cbl2 golang 1.18.8-8 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-18 on CBL Mariner 2.0
cbl2 moby-engine 24.0.9-17 on CBL Mariner 2.0
cbl2 cert-manager 1.11.2-22 on CBL Mariner 2.0
cbl2 reaper 3.1.1-18 on CBL Mariner 2.0
cbl2 influxdb 2.6.1-22 on CBL Mariner 2.0
cbl2 keda 2.4.0-29 on CBL Mariner 2.0
cbl2 moby-containerd 1.6.26-11 on CBL Mariner 2.0
cbl2 python-jinja2 3.0.3-7 on CBL Mariner 2.0
cbl2 moby-containerd-cc 1.7.7-11 on CBL Mariner 2.0
cbl2 coredns 1.11.1-18 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-6 on CBL Mariner 2.0
azl3 flannel 0.24.2-14 on Azure Linux 3.0
azl3 coredns 1.11.4-6 on Azure Linux 3.0
cbl2 terraform 1.3.2-25 on CBL Mariner 2.0
cbl2 azcopy 10.25.1-5 on CBL Mariner 2.0
cbl2 blobfuse2 2.1.2-8 on CBL Mariner 2.0
cbl2 etcd 3.5.12-6 on CBL Mariner 2.0
cbl2 git-lfs 3.5.1-5 on CBL Mariner 2.0
cbl2 telegraf 1.29.4-16 on CBL Mariner 2.0
cbl2 packer 1.9.5-13 on CBL Mariner 2.0
cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0
cbl2 atop 2.6.0-9 on CBL Mariner 2.0
azl3 containerd2 2.0.0-9 on Azure Linux 3.0
azl3 atop 2.9.0-1 on Azure Linux 3.0
cbl2 cifs-utils 6.14-3 on CBL Mariner 2.0
cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0
azl3 cifs-utils 7.0-2 on Azure Linux 3.0
cbl2 rabbitmq-server 3.11.24-3 on CBL Mariner 2.0
cbl2 php 8.1.31-1 on CBL Mariner 2.0
cbl2 gnuplot 5.4.3-1 on CBL Mariner 2.0
azl3 gnuplot 5.4.8-1 on Azure Linux 3.0
cbl2 kernel 5.15.184.1-1 on CBL Mariner 2.0
cbl2 cmake 3.21.4-18 on CBL Mariner 2.0
cbl2 erlang 25.2-3 on CBL Mariner 2.0
cbl2 mariadb 10.6.21-1 on CBL Mariner 2.0
cbl2 grub2 2.06-14 on CBL Mariner 2.0
cbl2 freetype 2.13.0-1 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-16 on CBL Mariner 2.0
cbl2 golang 1.22.7-4 on CBL Mariner 2.0
azl3 edk2 20240524git3e722403cd16-9 on Azure Linux 3.0
cbl2 hvloader 1.0.1-13 on CBL Mariner 2.0
azl3 kubernetes 1.30.10-9 on Azure Linux 3.0
azl3 glslang 14.0.0-2 on Azure Linux 3.0
cbl2 libxslt 1.1.34-8 on CBL Mariner 2.0
azl3 libxslt 1.1.39-1 on Azure Linux 3.0
cbl2 expat 2.6.4-1 on CBL Mariner 2.0
cbl2 moby-buildx 0.7.1-25 on CBL Mariner 2.0
cbl2 gnupg2 2.4.0-2 on CBL Mariner 2.0
azl3 gnupg2 2.4.7-1 on Azure Linux 3.0
cbl2 augeas 1.12.0-6 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-19 on CBL Mariner 2.0
cbl2 blobfuse2 2.1.2-9 on CBL Mariner 2.0
cbl2 edk2 20230301gitf80f052277c8-43 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-14 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-2 on Azure Linux 3.0
azl3 kubernetes 1.30.10-11 on Azure Linux 3.0
cbl2 grub2 2.06-15 on CBL Mariner 2.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 grub2 2.06-25 on Azure Linux 3.0
azl3 edk2 20240524git3e722403cd16-10 on Azure Linux 3.0
azl3 kubernetes 1.30.10-13 on Azure Linux 3.0
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
azl3 kubernetes 1.30.10-14 on Azure Linux 3.0
cbl2 atop 2.6.0-10 on CBL Mariner 2.0
cbl2 pytorch 2.0.0-11 on CBL Mariner 2.0
azl3 kubernetes 1.30.10-16 on Azure Linux 3.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 pytorch 2.2.2-9 on Azure Linux 3.0
azl3 telegraf 1.31.0-11 on Azure Linux 3.0
azl3 atop 2.9.0-2 on Azure Linux 3.0
azl3 hdf5 1.14.6-1 on Azure Linux 3.0
cbl2 hdf5 1.14.6-1 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-21 on CBL Mariner 2.0
cbl2 mariadb 10.6.24-1 on CBL Mariner 2.0
cbl2 edk2 20230301gitf80f052277c8-44 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-15 on CBL Mariner 2.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 edk2 20240524git3e722403cd16-11 on Azure Linux 3.0
azl3 kubernetes 1.30.10-18 on Azure Linux 3.0
azl3 gnupg2 2.4.9-1 on Azure Linux 3.0
azl3 telegraf 1.31.0-12 on Azure Linux 3.0
azl3 pytorch 2.2.2-10 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
cbl2 pytorch 2.0.0-12 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-23 on CBL Mariner 2.0
azl3 edk2 20240524git3e722403cd16-14 on Azure Linux 3.0
cbl2 edk2 20230301gitf80f052277c8-45 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-16 on CBL Mariner 2.0
azl3 gnupg2 2.4.9-2 on Azure Linux 3.0
azl3 kubernetes 1.30.10-20 on Azure Linux 3.0
cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-25 on CBL Mariner 2.0
cbl2 gnupg2 2.4.0-3 on CBL Mariner 2.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 kubernetes 1.30.10-21 on Azure Linux 3.0
azl3 telegraf 1.31.0-15 on Azure Linux 3.0
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 hdf5 1.14.6-2 on Azure Linux 3.0
cbl2 hdf5 1.14.6-2 on CBL Mariner 2.0
azl3 telegraf 1.31.0-17 on Azure Linux 3.0
azl3 kubernetes 1.30.10-22 on Azure Linux 3.0
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 kubernetes 1.30.10-23 on Azure Linux 3.0
azl3 telegraf 1.31.0-19 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Secrets leakage to telemetry endpoint via cache backend configuration via buildx
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Docker
Yes
CVE-2025-0495
Insertion of Sensitive Information into Log File
19254-17084
20309-17086
19254-17084
20309-17086
Moderate
19254-17084
Moderate
20309-17086
CBL-Mariner Releases
19254-17084
No
Security Update
0.14.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19254-17084
CBL-Mariner Releases
CBL-Mariner Releases
20309-17086
No
Security Update
0.7.1-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20309-17086
CBL-Mariner Releases
1.0
2025-05-27T00:00:00
<p>Information published.</p>
2.1
2026-02-18T15:04:22
<p>Information published.</p>
2.0
2025-07-11T00:00:00
<p>Added moby-buildx to CBL-Mariner 2.0
Added docker-buildx to Azure Linux 3.0</p>
Header parser of http stream wrapper does not handle folded headers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2025-1217
Improper Input Validation
17550-17084
17167-17086
19238-16823
19269-17084
19996-17086
17550-17084
17167-17086
19238-16823
19269-17084
19996-17086
Moderate
17550-17084
Moderate
17167-17086
Moderate
19238-16823
Moderate
19269-17084
19996-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
17550-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
17167-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
19238-16823
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
19269-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
19996-17086
CBL-Mariner Releases
17550-17084
19269-17084
No
Security Update
8.3.19-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17550-17084
19269-17084
CBL-Mariner Releases
CBL-Mariner Releases
17167-17086
19238-16823
19996-17086
No
Security Update
8.1.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17167-17086
19238-16823
19996-17086
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
2.0
2025-05-02T00:00:00
<p>Information published.</p>
3.0
2026-02-18T01:38:35
<p>Information published.</p>
Streams HTTP wrapper does not fail for headers with invalid name and no colon
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2025-1734
Improper Input Validation
17167-17086
19238-16823
19269-17084
19996-17086
17550-17084
17167-17086
19238-16823
19269-17084
19996-17086
17550-17084
Moderate
17167-17086
Moderate
19238-16823
Moderate
19269-17084
19996-17086
Moderate
17550-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17167-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19238-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19269-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19996-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17550-17084
CBL-Mariner Releases
17167-17086
19238-16823
19996-17086
No
Security Update
8.1.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17167-17086
19238-16823
19996-17086
CBL-Mariner Releases
CBL-Mariner Releases
19269-17084
17550-17084
No
Security Update
8.3.19-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19269-17084
17550-17084
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
2.0
2025-04-03T00:00:00
<p>Information published.</p>
2.1
2025-07-02T00:00:00
<p>Added php to CBL-Mariner 2.0
Added php to Azure Linux 3.0</p>
3.0
2026-02-18T01:44:20
<p>Information published.</p>
Stream HTTP wrapper truncates redirect location to 1024 bytes
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2025-1861
Incorrect Calculation of Buffer Size
17550-17084
17167-17086
19238-16823
19269-17084
19996-17086
17550-17084
17167-17086
19238-16823
19269-17084
19996-17086
Moderate
17550-17084
Moderate
17167-17086
Moderate
19238-16823
Moderate
19269-17084
19996-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17550-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17167-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19238-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19269-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19996-17086
CBL-Mariner Releases
17550-17084
19269-17084
No
Security Update
8.3.19-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17550-17084
19269-17084
CBL-Mariner Releases
CBL-Mariner Releases
17167-17086
19238-16823
19996-17086
No
Security Update
8.1.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17167-17086
19238-16823
19996-17086
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:42:09
<p>Information published.</p>
1.1
2025-07-02T00:00:00
<p>Added php to CBL-Mariner 2.0
Added php to Azure Linux 3.0</p>
acct: perform last write from workqueue
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21846
NULL Pointer Dereference
17471-17084
19682-17086
17103-16823
17465-17084
18490-17086
17471-17084
19682-17086
17103-16823
17465-17084
18490-17086
Moderate
17471-17084
19682-17086
Moderate
17103-16823
Moderate
17465-17084
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-21T02:18:03
<p>Information published.</p>
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21847
NULL Pointer Dereference
17471-17084
17465-17084
17471-17084
17465-17084
Moderate
17471-17084
Moderate
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-21T02:21:42
<p>Information published.</p>
sockmap, vsock: For connectible sockets allow only connected
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21854
NULL Pointer Dereference
17471-17084
17465-17084
17471-17084
17465-17084
Moderate
17471-17084
Moderate
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:28:24
<p>Information published.</p>
net/sched: cls_api: fix error handling causing NULL dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21857
NULL Pointer Dereference
17471-17084
17465-17084
17471-17084
17465-17084
Moderate
17471-17084
Moderate
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:29:04
<p>Information published.</p>
drop_monitor: fix incorrect initialization order
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21862
Use of Uninitialized Resource
17471-17084
17103-16823
17465-17084
19682-17086
18490-17086
17471-17084
17103-16823
17465-17084
19682-17086
18490-17086
Moderate
17471-17084
Moderate
17103-16823
Moderate
17465-17084
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T02:26:54
<p>Information published.</p>
io_uring: prevent opcode speculation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21863
17465-17084
17471-17084
17087-17086
20925-17086
21093-17086
17465-17084
17471-17084
17087-17086
20925-17086
21093-17086
Moderate
17465-17084
Moderate
17471-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
17471-17084
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
17087-17086
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
20925-17086
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
21093-17086
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-21T02:23:12
<p>Information published.</p>
2.0
2026-03-03T14:45:24
<p>Information published.</p>
3.0
2026-03-31T14:59:00
<p>Information published.</p>
bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21867
17471-17084
17465-17084
17471-17084
17465-17084
Important
17471-17084
Important
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
1.1
2026-02-18T01:59:55
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21887
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
Important
17471-17084
Important
17099-17086
Important
17095-16823
Important
17465-17084
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
17099-17086
17095-16823
19705-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17099-17086
17095-16823
19705-17086
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-18T01:52:27
<p>Information published.</p>
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-25724
Unchecked Return Value
19704-17086
19366-16823
19277-17084
19704-17086
19366-16823
19277-17084
Moderate
19704-17086
Moderate
19366-16823
Moderate
19277-17084
4.0
4.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
19704-17086
4.0
4.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
19366-16823
4.0
4.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
19277-17084
CBL-Mariner Releases
19704-17086
19366-16823
No
Security Update
3.6.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19704-17086
19366-16823
CBL-Mariner Releases
CBL-Mariner Releases
19277-17084
No
Security Update
3.7.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
CBL-Mariner Releases
1.0
2025-03-19T00:00:00
<p>Information published.</p>
2.1
2025-07-17T00:00:00
<p>Added libarchive to CBL-Mariner 2.0
Added libarchive to Azure Linux 3.0</p>
2.0
2025-04-09T00:00:00
<p>Information published.</p>
2.2
2026-02-18T01:03:55
<p>Information published.</p>
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-27220
Inefficient Regular Expression Complexity
19723-17086
19393-17084
19723-17086
19393-17084
Moderate
19723-17086
Moderate
19393-17084
4.0
4.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
19723-17086
4.0
4.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
19393-17084
CBL-Mariner Releases
19723-17086
No
Security Update
3.1.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19723-17086
CBL-Mariner Releases
CBL-Mariner Releases
19393-17084
No
Security Update
3.3.5-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19393-17084
CBL-Mariner Releases
1.0
2025-03-19T00:00:00
<p>Information published.</p>
2.0
2025-04-19T00:00:00
<p>Information published.</p>
2.1
2026-02-18T01:16:01
<p>Information published.</p>
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-27221
Improper Removal of Sensitive Information Before Storage or Transfer
19393-17084
19723-17086
19393-17084
19723-17086
Low
19393-17084
Low
19723-17086
3.2
3.2
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
19393-17084
3.2
3.2
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
19723-17086
CBL-Mariner Releases
19393-17084
No
Security Update
3.3.5-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19393-17084
CBL-Mariner Releases
CBL-Mariner Releases
19723-17086
No
Security Update
3.1.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19723-17086
CBL-Mariner Releases
1.0
2025-03-19T00:00:00
<p>Information published.</p>
2.0
2025-04-19T00:00:00
<p>Information published.</p>
2.1
2026-02-18T01:13:11
<p>Information published.</p>
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
facebook
Yes
CVE-2025-27363
19394-16823
20108-17086
20114-17086
17906-17086
19394-16823
20108-17086
20114-17086
17906-17086
Important
19394-16823
20108-17086
Important
20114-17086
Important
17906-17086
8.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
19394-16823
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20108-17086
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20114-17086
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
17906-17086
CBL-Mariner Releases
19394-16823
20108-17086
17906-17086
No
Security Update
2.13.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19394-16823
20108-17086
17906-17086
CBL-Mariner Releases
1.0
2025-03-15T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:59:01
<p>Information published.</p>
Jinja sandbox breakout through attr filter selecting format method
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-27516
Improper Neutralization of Special Elements Used in a Template Engine
19846-17086
19397-16823
19398-16823
19399-17084
19400-17084
19873-17086
19608-17084
19846-17086
19397-16823
19398-16823
19399-17084
19400-17084
19873-17086
19608-17084
Moderate
19846-17086
Moderate
19397-16823
Moderate
19398-16823
Moderate
19399-17084
Moderate
19400-17084
Moderate
19873-17086
Moderate
19608-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19846-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19397-16823
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19398-16823
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19399-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19400-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19873-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
19608-17084
CBL-Mariner Releases
19846-17086
19398-16823
No
Security Update
3.0.3-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19846-17086
19398-16823
CBL-Mariner Releases
CBL-Mariner Releases
19397-16823
19873-17086
No
Security Update
18.20.3-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19397-16823
19873-17086
CBL-Mariner Releases
CBL-Mariner Releases
19399-17084
19608-17084
No
Security Update
20.14.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19399-17084
19608-17084
CBL-Mariner Releases
CBL-Mariner Releases
19400-17084
No
Security Update
3.1.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19400-17084
CBL-Mariner Releases
1.0
2025-03-10T00:00:00
<p>Information published.</p>
3.0
2025-03-19T00:00:00
<p>Information published.</p>
4.1
2026-02-18T01:19:32
<p>Information published.</p>
2.0
2025-03-18T00:00:00
<p>Information published.</p>
4.0
2025-04-24T00:00:00
<p>Information published.</p>
Vim vulnerable to potential data loss with zip.vim and special crafted zip files
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-29768
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
19408-16823
19409-17084
19396-17084
19744-17086
19408-16823
19409-17084
19396-17084
19744-17086
Moderate
19408-16823
Moderate
19409-17084
Moderate
19396-17084
Moderate
19744-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
19408-16823
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
19409-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
19396-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
19744-17086
CBL-Mariner Releases
19408-16823
19409-17084
19396-17084
19744-17086
No
Security Update
9.1.1198-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19408-16823
19409-17084
19396-17084
19744-17086
CBL-Mariner Releases
2.0
2025-03-28T00:00:00
<p>Information published.</p>
1.0
2025-03-25T00:00:00
<p>Information published.</p>
2.1
2026-02-21T02:32:01
<p>Information published.</p>
Memory Exhaustion in Expr Parser with Unrestricted Input
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-29786
Allocation of Resources Without Limits or Throttling
19342-17084
19347-17084
19410-16823
19411-17084
19412-17084
19413-17084
19867-17086
19908-17084
19342-17084
19347-17084
19410-16823
19411-17084
19412-17084
19413-17084
19867-17086
19908-17084
Important
19342-17084
Important
19347-17084
Important
19410-16823
Important
19411-17084
Important
19412-17084
Important
19413-17084
Important
19867-17086
Important
19908-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19342-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19347-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19410-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19411-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19412-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19413-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19867-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19908-17084
CBL-Mariner Releases
19342-17084
19413-17084
No
Security Update
0.37.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19342-17084
19413-17084
CBL-Mariner Releases
CBL-Mariner Releases
19347-17084
19412-17084
No
Security Update
2.14.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19347-17084
19412-17084
CBL-Mariner Releases
CBL-Mariner Releases
19410-16823
19867-17086
No
Security Update
1.11.1-17
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19410-16823
19867-17086
CBL-Mariner Releases
CBL-Mariner Releases
19411-17084
19908-17084
No
Security Update
1.11.4-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19411-17084
19908-17084
CBL-Mariner Releases
1.0
2025-03-28T00:00:00
<p>Information published.</p>
2.1
2026-02-18T15:03:36
<p>Information published.</p>
2.0
2025-04-08T00:00:00
<p>Information published.</p>
KEX init error results with excessive memory usage
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-30211
Memory Allocation with Excessive Size Value
20067-17086
19435-16823
19436-17084
19374-17084
20067-17086
19435-16823
19436-17084
19374-17084
Important
20067-17086
Important
19435-16823
Important
19436-17084
Important
19374-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20067-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19435-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19436-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19374-17084
CBL-Mariner Releases
20067-17086
19435-16823
No
Security Update
25.2-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20067-17086
19435-16823
CBL-Mariner Releases
CBL-Mariner Releases
19436-17084
19374-17084
No
Security Update
26.2.5.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19436-17084
19374-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2025-04-11T00:00:00
<p>Information published.</p>
2.1
2026-02-18T01:48:02
<p>Information published.</p>
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-30348
Inefficient Algorithmic Complexity
20114-17086
19441-17084
20114-17086
19441-17084
Moderate
20114-17086
Moderate
19441-17084
5.8
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
20114-17086
5.8
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
19441-17084
CBL-Mariner Releases
20114-17086
No
Security Update
5.12.11-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20114-17086
CBL-Mariner Releases
CBL-Mariner Releases
19441-17084
No
Security Update
6.6.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19441-17084
CBL-Mariner Releases
1.0
2025-03-28T00:00:00
<p>Information published.</p>
2.0
2025-07-11T00:00:00
<p>Added qt5-qtbase to CBL-Mariner 2.0
Added qtbase to Azure Linux 3.0</p>
2.1
2026-02-18T15:08:57
<p>Information published.</p>
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.
This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
seal
Yes
CVE-2024-12905
Improper Link Resolution Before File Access ('Link Following')
19820-17086
19820-17086
Important
19820-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
19820-17086
CBL-Mariner Releases
19820-17086
No
Security Update
3.1.1-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19820-17086
CBL-Mariner Releases
1.0
2025-04-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:49:59
<p>Information published.</p>
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-48615
NULL Pointer Dereference
17098-16823
17464-17084
20047-17086
19704-17086
17098-16823
17464-17084
20047-17086
19704-17086
Important
17098-16823
Important
17464-17084
Important
20047-17086
Important
19704-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17098-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17464-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20047-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19704-17086
CBL-Mariner Releases
17098-16823
20047-17086
No
Security Update
3.21.4-17
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17098-16823
20047-17086
CBL-Mariner Releases
CBL-Mariner Releases
17464-17084
No
Security Update
3.30.3-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17464-17084
CBL-Mariner Releases
CBL-Mariner Releases
19704-17086
No
Security Update
3.6.1-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19704-17086
CBL-Mariner Releases
1.0
2025-04-08T00:00:00
<p>Information published.</p>
2.0
2025-04-09T00:00:00
<p>Information published.</p>
3.1
2026-02-18T01:45:40
<p>Information published.</p>
3.0
2025-04-11T00:00:00
<p>Information published.</p>
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-55549
17469-17084
20191-17086
20197-17084
17469-17084
20191-17086
20197-17084
Important
17469-17084
Important
20191-17086
Important
20197-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
17469-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
20191-17086
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
20197-17084
CBL-Mariner Releases
17469-17084
20197-17084
No
Security Update
1.1.43-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17469-17084
20197-17084
CBL-Mariner Releases
CBL-Mariner Releases
20191-17086
No
Security Update
1.1.34-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20191-17086
CBL-Mariner Releases
2.0
2025-04-01T00:00:00
<p>Information published.</p>
1.0
2025-03-25T00:00:00
<p>Information published.</p>
2.1
2026-02-21T02:36:12
<p>Information published.</p>
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58052
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:15:35
<p>Information published.</p>
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58063
Missing Release of Memory after Effective Lifetime
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
2.0
2026-02-18T01:18:23
<p>Information published.</p>
1.0
2025-05-05T00:00:00
<p>Information published.</p>
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58069
Out-of-bounds Write
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Important
17095-16823
19705-17086
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
2.0
2026-02-18T01:20:01
<p>Information published.</p>
1.0
2025-05-05T00:00:00
<p>Information published.</p>
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58083
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Important
17095-16823
19705-17086
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:57:57
<p>Information published.</p>
bpf: Fix deadlock when freeing cgroup storage
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58088
Improper Locking
17465-17084
17471-17084
17465-17084
17471-17084
Moderate
17465-17084
Moderate
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.1
2026-02-21T02:26:33
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
https://nvd.nist.gov/vuln/detail/CVE-2023-52971
https://nvd.nist.gov/vuln/detail/CVE-2023-52971
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-52971
Insecure Automated Optimizations
12357
12356
19283-17084
12357
12356
19283-17084
12357
12356
Moderate
19283-17084
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12357
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12356
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19283-17084
mariadb
12357
mariadb-10.11.11-1.azl3.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.11.11-1.azl3.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.11.11-1.azl3.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.11.11-1.azl3.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.11.11-1.azl3.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.11.11-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.11.11-1
https://nvd.nist.gov/vuln/detail/CVE-2023-52971
12357
mariadb
mariadb
12356
mariadb-10.11.11-1.azl3.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.11.11-1.azl3.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.11.11-1.azl3.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.11.11-1.azl3.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.11.11-1.azl3.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.11.11-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.11.11-1
https://nvd.nist.gov/vuln/detail/CVE-2023-52971
12356
mariadb
CBL-Mariner Releases
19283-17084
No
Security Update
10.11.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19283-17084
CBL-Mariner Releases
1.1
2026-02-18T01:55:03
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
usb: gadget: f_tcm: Don't free command immediately
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58055
19705-17086
17099-17086
19705-17086
17099-17086
19705-17086
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:17:00
<p>Information published.</p>
s390/ism: add release function for struct device
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21856
Use After Free
17471-17084
17471-17084
Important
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.1
2026-02-21T02:24:09
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21866
Allocation of Resources Without Limits or Throttling
19682-17086
18490-17086
17471-17084
19682-17086
18490-17086
17471-17084
19682-17086
Moderate
18490-17086
Moderate
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
2.0
2026-02-21T02:20:42
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
HDF5 H5FL.c H5FL__blk_gc_list use after free
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2913
Use After Free
19980-17086
17741-17084
17336-17086
19980-17086
17741-17084
17336-17086
19980-17086
Low
17741-17084
Low
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
CBL-Mariner Releases
17741-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
CBL-Mariner Releases
1.0
2025-09-03T21:17:42
<p>Information published.</p>
2.0
2025-12-16T01:36:11
<p>Information published.</p>
HDF5 H5MM.c H5MM_realloc double free
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2925
Double Free
19980-17086
17741-17084
20762-17086
20755-17084
17336-17086
19980-17086
17741-17084
20762-17086
20755-17084
17336-17086
19980-17086
Low
17741-17084
Low
20762-17086
Low
20755-17084
Low
17336-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
19980-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
17741-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
20762-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
20755-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
17336-17086
CBL-Mariner Releases
17741-17084
20762-17086
20755-17084
17336-17086
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
20762-17086
20755-17084
17336-17086
CBL-Mariner Releases
4.0
2025-12-31T14:35:38
<p>Information published.</p>
5.0
2026-01-08T14:41:52
<p>Information published.</p>
1.0
2025-09-03T21:20:49
<p>Information published.</p>
2.0
2025-12-16T01:35:49
<p>Information published.</p>
3.0
2025-12-20T01:36:15
<p>Information published.</p>
HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2926
NULL Pointer Dereference
17741-17084
20762-17086
20755-17084
19980-17086
17336-17086
17741-17084
20762-17086
20755-17084
19980-17086
17336-17086
Low
17741-17084
Low
20762-17086
Low
20755-17084
19980-17086
Low
17336-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
17741-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
20762-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
20755-17084
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
19980-17086
3.3
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
17336-17086
CBL-Mariner Releases
17741-17084
20762-17086
20755-17084
17336-17086
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
20762-17086
20755-17084
17336-17086
CBL-Mariner Releases
1.0
2025-09-03T21:23:41
<p>Information published.</p>
3.0
2025-12-20T01:36:23
<p>Information published.</p>
4.0
2025-12-31T14:35:44
<p>Information published.</p>
5.0
2026-01-08T14:42:25
<p>Information published.</p>
2.0
2025-12-16T01:36:03
<p>Information published.</p>
HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2923
Heap-based Buffer Overflow
17741-17084
19980-17086
17336-17086
17741-17084
19980-17086
17336-17086
Low
17741-17084
19980-17086
Low
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
CBL-Mariner Releases
17741-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
CBL-Mariner Releases
1.0
2025-09-03T21:29:24
<p>Information published.</p>
2.0
2025-12-16T01:35:56
<p>Information published.</p>
HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2924
Heap-based Buffer Overflow
19980-17086
17741-17084
17336-17086
20762-17086
20755-17084
19980-17086
17741-17084
17336-17086
20762-17086
20755-17084
19980-17086
Low
17741-17084
Low
17336-17086
Low
20762-17086
Low
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-03T21:32:45
<p>Information published.</p>
4.0
2025-12-31T14:35:50
<p>Information published.</p>
5.0
2026-01-08T14:41:29
<p>Information published.</p>
2.0
2025-12-16T01:35:35
<p>Information published.</p>
3.0
2025-12-20T01:36:32
<p>Information published.</p>
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-52970
Insecure Automated Optimizations
20085-17086
19283-17084
20085-17086
19283-17084
Moderate
20085-17086
Moderate
19283-17084
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20085-17086
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19283-17084
CBL-Mariner Releases
20085-17086
No
Security Update
10.6.24-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20085-17086
CBL-Mariner Releases
CBL-Mariner Releases
19283-17084
No
Security Update
10.11.15-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19283-17084
CBL-Mariner Releases
2.0
2025-12-30T01:35:17
<p>Information published.</p>
3.0
2026-01-03T01:36:09
<p>Information published.</p>
1.0
2025-09-03T21:37:16
<p>Information published.</p>
HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2914
Heap-based Buffer Overflow
19980-17086
20762-17086
17741-17084
17336-17086
20755-17084
19980-17086
20762-17086
17741-17084
17336-17086
20755-17084
19980-17086
Low
20762-17086
Low
17741-17084
Low
17336-17086
Low
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
CBL-Mariner Releases
20762-17086
17741-17084
17336-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20762-17086
17741-17084
17336-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-03T21:36:46
<p>Information published.</p>
4.0
2025-12-31T14:35:56
<p>Information published.</p>
2.0
2025-12-16T01:35:42
<p>Information published.</p>
3.0
2025-12-20T01:36:41
<p>Information published.</p>
5.0
2026-01-08T14:41:41
<p>Information published.</p>
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-52969
Insecure Automated Optimizations
19283-17084
20085-17086
20778-17086
19283-17084
20085-17086
20778-17086
Moderate
19283-17084
Moderate
20085-17086
Moderate
20778-17086
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19283-17084
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20085-17086
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20778-17086
CBL-Mariner Releases
19283-17084
No
Security Update
10.11.15-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19283-17084
CBL-Mariner Releases
2.0
2026-01-03T01:36:21
<p>Information published.</p>
1.0
2025-09-03T21:40:13
<p>Information published.</p>
3.0
2026-02-21T03:02:44
<p>Information published.</p>
HDF5 H5Omessage.c H5O_msg_flush heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2912
Heap-based Buffer Overflow
19980-17086
20755-17084
17741-17084
17336-17086
20762-17086
19980-17086
20755-17084
17741-17084
17336-17086
20762-17086
19980-17086
Low
20755-17084
Low
17741-17084
Low
17336-17086
Low
20762-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
19980-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20755-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17741-17084
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
17336-17086
3.3
3.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
20762-17086
1.0
2025-09-03T21:40:19
<p>Information published.</p>
2.0
2026-01-03T01:36:40
<p>Information published.</p>
3.0
2026-01-08T14:42:01
<p>Information published.</p>
HDF5 H5Faccum.c H5F__accum_free heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2915
Heap-based Buffer Overflow
20762-17086
20755-17084
21121-17084
21122-17086
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
21121-17084
21122-17086
17741-17084
19980-17086
17336-17086
Moderate
20762-17086
Moderate
20755-17084
Moderate
21121-17084
Moderate
21122-17086
Moderate
17741-17084
19980-17086
Moderate
17336-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20762-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20755-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21121-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21122-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17741-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19980-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17336-17086
CBL-Mariner Releases
20762-17086
20755-17084
21121-17084
21122-17086
No
Security Update
1.14.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20762-17086
20755-17084
21121-17084
21122-17086
CBL-Mariner Releases
3.0
2026-01-08T14:42:13
<p>Information published.</p>
5.0
2026-03-31T15:14:30
<p>Information published.</p>
1.0
2025-09-03T21:43:22
<p>Information published.</p>
2.0
2025-12-31T14:36:01
<p>Information published.</p>
4.0
2026-03-16T14:35:35
<p>Information published.</p>
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-27152
Server-Side Request Forgery (SSRF)
19693-17084
19693-17084
Important
19693-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19693-17084
1.0
2025-09-03T21:44:02
<p>Information published.</p>
1.1
2026-02-18T01:56:01
<p>Information published.</p>
mm/khugepaged: fix ->anon_vma race
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-52935
Use After Free
17087-17086
17087-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2025-09-03T21:50:22
<p>Information published.</p>
2.0
2026-02-24T14:35:18
<p>Information published.</p>
net: better track kernel sockets lifetime
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21884
19683-17084
20412-17084
19683-17084
20412-17084
19683-17084
Moderate
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
CBL-Mariner Releases
20412-17084
No
Security Update
6.6.104.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20412-17084
CBL-Mariner Releases
1.0
2025-09-03T21:56:18
<p>Information published.</p>
HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2153
Heap-based Buffer Overflow
17741-17084
17336-17086
20762-17086
19980-17086
20755-17084
17741-17084
17336-17086
20762-17086
19980-17086
20755-17084
Moderate
17741-17084
Moderate
17336-17086
Moderate
20762-17086
19980-17086
Moderate
20755-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
17741-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
17336-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
20762-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
19980-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-03T22:02:51
<p>Information published.</p>
3.0
2025-12-20T01:35:57
<p>Information published.</p>
4.0
2025-12-31T14:35:17
<p>Information published.</p>
2.0
2025-12-16T01:35:17
<p>Information published.</p>
5.0
2026-01-08T14:38:18
<p>Information published.</p>
mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21861
Use After Free
19529-17084
19682-17086
18490-17086
19529-17084
19682-17086
18490-17086
Moderate
19529-17084
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
2.0
2026-02-21T02:25:37
<p>Information published.</p>
1.0
2025-09-03T22:10:12
<p>Information published.</p>
bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21825
19683-17084
20412-17084
20553-17084
20613-17084
20788-17084
20925-17086
20956-17084
21248-17084
21332-17084
17087-17086
20725-17084
20823-17084
20860-17084
21094-17084
21093-17086
21308-17084
21344-17084
19683-17084
20412-17084
20553-17084
20613-17084
20788-17084
20925-17086
20956-17084
21248-17084
21332-17084
17087-17086
20725-17084
20823-17084
20860-17084
21094-17084
21093-17086
21308-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20788-17084
Moderate
20925-17086
Moderate
20956-17084
Moderate
21248-17084
Moderate
21332-17084
Moderate
17087-17086
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21308-17084
Moderate
21344-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20412-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20553-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20613-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20788-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20956-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21248-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20725-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20860-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21094-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21308-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:46:49
<p>Information published.</p>
3.0
2026-01-08T14:45:49
<p>Information published.</p>
4.0
2026-01-20T14:41:16
<p>Information published.</p>
5.0
2026-02-19T01:44:09
<p>Information published.</p>
6.0
2026-03-03T14:47:06
<p>Information published.</p>
7.0
2026-03-04T14:40:30
<p>Information published.</p>
8.0
2026-03-31T14:57:35
<p>Information published.</p>
9.0
2026-04-29T14:47:39
<p>Information published.</p>
11.0
2026-05-11T01:41:16
<p>Information published.</p>
1.0
2025-09-03T22:12:13
<p>Information published.</p>
10.0
2026-05-06T14:42:21
<p>Information published.</p>
12.0
2026-05-17T14:42:29
<p>Information published.</p>
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-27810
Use of Uninitialized Resource
19662-17086
17093-17086
17459-17084
19662-17086
17093-17086
17459-17084
19662-17086
Moderate
17093-17086
Moderate
17459-17084
5.4
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
19662-17086
5.4
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
17093-17086
5.4
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
17459-17084
1.0
2025-09-03T22:17:37
<p>Information published.</p>
2.0
2026-02-18T03:06:46
<p>Information published.</p>
squashfs: harden sanity check in squashfs_read_xattr_id_table
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-52979
NULL Pointer Dereference
19683-17084
19682-17086
20412-17084
18490-17086
19683-17084
19682-17086
20412-17084
18490-17086
19683-17084
19682-17086
Moderate
20412-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-09-03T22:18:39
<p>Information published.</p>
2.0
2026-02-18T01:06:23
<p>Information published.</p>
Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-3010
NULL Pointer Dereference
20158-17084
20158-17084
Low
20158-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20158-17084
1.0
2025-09-03T22:23:00
<p>Information published.</p>
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
kubernetes
Yes
CVE-2025-1767
Improper Input Validation
19340-17084
19761-17086
19340-17084
19761-17086
Moderate
19340-17084
Moderate
19761-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
19340-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
19761-17086
1.0
2025-09-03T22:31:42
<p>Information published.</p>
1.1
2026-02-21T02:33:19
<p>Information published.</p>
btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58089
Allocation of Resources Without Limits or Throttling
19683-17084
17087-17086
20412-17084
20613-17084
20725-17084
20823-17084
20925-17086
21094-17084
21248-17084
20553-17084
20788-17084
20860-17084
20956-17084
21093-17086
21308-17084
21332-17084
21344-17084
19683-17084
17087-17086
20412-17084
20613-17084
20725-17084
20823-17084
20925-17086
21094-17084
21248-17084
20553-17084
20788-17084
20860-17084
20956-17084
21093-17086
21308-17084
21332-17084
21344-17084
19683-17084
Moderate
17087-17086
Moderate
20412-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
21094-17084
Moderate
21248-17084
Moderate
20553-17084
Moderate
20788-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21093-17086
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T23:19:40
<p>Information published.</p>
2.0
2025-12-07T01:39:39
<p>Information published.</p>
4.0
2026-01-20T14:36:53
<p>Information published.</p>
6.0
2026-03-03T14:45:07
<p>Information published.</p>
7.0
2026-03-04T14:36:38
<p>Information published.</p>
8.0
2026-03-31T14:58:32
<p>Information published.</p>
9.0
2026-04-29T14:41:24
<p>Information published.</p>
11.0
2026-05-11T01:38:29
<p>Information published.</p>
3.0
2026-01-08T14:38:28
<p>Information published.</p>
5.0
2026-02-21T03:28:13
<p>Information published.</p>
10.0
2026-05-06T14:38:04
<p>Information published.</p>
12.0
2026-05-17T14:39:14
<p>Information published.</p>
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
kubernetes
Yes
CVE-2024-9042
Improper Input Validation
19761-17086
19761-17086
Moderate
19761-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
19761-17086
1.0
2025-09-03T23:27:21
<p>Information published.</p>
1.1
2026-02-18T02:29:50
<p>Information published.</p>
cifs: fix potential memory leaks in session setup
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-53008
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-03T23:34:11
<p>Information published.</p>
2.0
2026-03-03T15:01:59
<p>Information published.</p>
3.0
2026-03-31T14:47:30
<p>Information published.</p>
drm/i915: Fix a memory leak with reused mmap_offset
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-53002
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-03T23:37:44
<p>Information published.</p>
3.0
2026-03-31T14:47:52
<p>Information published.</p>
2.0
2026-03-03T15:02:17
<p>Information published.</p>
cpufreq: CPPC: Add u64 casts to avoid overflowing
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49750
Integer Overflow or Wraparound
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T15:02:36
<p>Information published.</p>
3.0
2026-03-31T14:48:16
<p>Information published.</p>
1.0
2025-09-03T23:40:42
<p>Information published.</p>
net: allow small head cache usage with large MAX_SKB_FRAGS values
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21868
20613-17084
19683-17084
20412-17084
20553-17084
20613-17084
19683-17084
20412-17084
20553-17084
Moderate
20613-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
1.0
2025-09-03T23:40:57
<p>Information published.</p>
2.0
2025-12-02T14:35:19
<p>Information published.</p>
ipvlan: ensure network headers are in skb linear part
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21891
Use of Uninitialized Resource
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T23:46:34
<p>Information published.</p>
2.0
2026-03-03T15:03:08
<p>Information published.</p>
3.0
2026-03-31T14:49:07
<p>Information published.</p>
RDMA/mlx5: Fix the recovery flow of the UMR QP
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21892
19683-17084
20613-17084
20725-17084
20788-17084
21094-17084
20412-17084
20553-17084
20823-17084
20860-17084
20956-17084
21248-17084
21308-17084
21332-17084
21344-17084
19683-17084
20613-17084
20725-17084
20788-17084
21094-17084
20412-17084
20553-17084
20823-17084
20860-17084
20956-17084
21248-17084
21308-17084
21332-17084
21344-17084
19683-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
21094-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:36:21
<p>Information published.</p>
3.0
2026-01-08T14:49:51
<p>Information published.</p>
5.0
2026-02-19T01:48:09
<p>Information published.</p>
7.0
2026-03-31T15:10:35
<p>Information published.</p>
10.0
2026-05-11T01:45:00
<p>Information published.</p>
1.0
2025-09-04T00:24:07
<p>Information published.</p>
4.0
2026-01-20T14:46:23
<p>Information published.</p>
6.0
2026-03-04T14:43:04
<p>Information published.</p>
8.0
2026-04-30T01:45:58
<p>Information published.</p>
9.0
2026-05-06T14:46:36
<p>Information published.</p>
11.0
2026-05-17T14:46:06
<p>Information published.</p>
mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-52939
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-04T00:26:59
<p>Information published.</p>
2.0
2026-03-03T15:03:25
<p>Information published.</p>
3.0
2026-03-31T14:49:31
<p>Information published.</p>
RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21885
20412-17084
20613-17084
20823-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
19683-17084
20553-17084
17087-17086
20725-17084
20788-17084
20860-17084
21308-17084
21332-17084
21344-17084
20412-17084
20613-17084
20823-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
19683-17084
20553-17084
17087-17086
20725-17084
20788-17084
20860-17084
21308-17084
21332-17084
21344-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
19683-17084
Moderate
20553-17084
Moderate
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20860-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-04T00:32:12
<p>Information published.</p>
2.0
2025-12-07T01:36:42
<p>Information published.</p>
4.0
2026-01-20T14:46:43
<p>Information published.</p>
7.0
2026-03-04T14:43:16
<p>Information published.</p>
8.0
2026-03-31T15:11:29
<p>Information published.</p>
11.0
2026-05-11T01:45:18
<p>Information published.</p>
3.0
2026-01-08T14:50:08
<p>Information published.</p>
5.0
2026-02-19T01:48:27
<p>Information published.</p>
6.0
2026-03-03T14:44:21
<p>Information published.</p>
9.0
2026-04-29T14:52:20
<p>Information published.</p>
10.0
2026-05-06T14:46:54
<p>Information published.</p>
12.0
2026-05-17T14:46:23
<p>Information published.</p>
HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2310
Heap-based Buffer Overflow
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
Moderate
17741-17084
19980-17086
Moderate
17336-17086
Moderate
20762-17086
Moderate
20755-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
17741-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19980-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
17336-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20762-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-04T01:09:05
<p>Information published.</p>
3.0
2025-12-20T01:36:06
<p>Information published.</p>
4.0
2025-12-31T14:35:33
<p>Information published.</p>
2.0
2025-12-16T01:35:24
<p>Information published.</p>
5.0
2026-01-08T14:39:11
<p>Information published.</p>
HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2308
Heap-based Buffer Overflow
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
21121-17084
21122-17086
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
21121-17084
21122-17086
Moderate
17741-17084
19980-17086
Moderate
17336-17086
Moderate
20762-17086
Moderate
20755-17084
Moderate
21121-17084
Moderate
21122-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
17741-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19980-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
17336-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20762-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20755-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
21121-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
21122-17086
2.0
2025-11-18T01:35:31
<p>Information published.</p>
3.0
2025-12-31T14:35:22
<p>Information published.</p>
4.0
2026-01-08T14:39:21
<p>Information published.</p>
5.0
2026-03-31T15:04:31
<p>Information published.</p>
1.0
2025-09-04T01:14:31
<p>Information published.</p>
HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2309
Heap-based Buffer Overflow
17336-17086
20762-17086
21121-17084
21122-17086
17741-17084
19980-17086
20755-17084
17336-17086
20762-17086
21121-17084
21122-17086
17741-17084
19980-17086
20755-17084
Moderate
17336-17086
Moderate
20762-17086
Moderate
21121-17084
Moderate
21122-17086
Moderate
17741-17084
19980-17086
Moderate
20755-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
17336-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20762-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
21121-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
21122-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
17741-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19980-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20755-17084
1.0
2025-09-04T01:19:47
<p>Information published.</p>
2.0
2025-11-18T01:35:39
<p>Information published.</p>
3.0
2025-12-31T14:35:27
<p>Information published.</p>
4.0
2026-01-08T14:39:31
<p>Information published.</p>
5.0
2026-03-31T15:05:08
<p>Information published.</p>
netfilter: allow exp not to be removed in nf_ct_find_expectation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-52927
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
1.0
2025-09-04T03:00:35
<p>Information published.</p>
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-30258
Improper Check for Unusual or Exceptional Conditions
20331-17086
20333-17084
20795-17084
20904-17084
20945-17086
20331-17086
20333-17084
20795-17084
20904-17084
20945-17086
Low
20331-17086
Low
20333-17084
Low
20795-17084
Low
20904-17084
Low
20945-17086
2.7
2.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:P
20331-17086
2.7
2.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:P
20333-17084
2.7
2.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:P
20795-17084
2.7
2.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:P
20904-17084
2.7
2.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L/E:P
20945-17086
1.0
2025-09-04T03:09:31
<p>Information published.</p>
3.0
2026-02-18T15:08:24
<p>Information published.</p>
4.0
2026-03-03T14:50:20
<p>Information published.</p>
5.0
2026-04-15T01:37:50
<p>Information published.</p>
2.0
2026-01-08T14:39:52
<p>Information published.</p>
Network restriction bypass via race condition during namespace termination
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
kubernetes
Yes
CVE-2024-7598
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
20133-17084
20364-17086
20417-17084
20624-17084
20713-17084
20769-17086
20905-17084
20877-17086
20934-17086
20967-17084
21137-17084
21256-17084
19761-17086
20578-17084
20794-17084
20133-17084
20364-17086
20417-17084
20624-17084
20713-17084
20769-17086
20905-17084
20877-17086
20934-17086
20967-17084
21137-17084
21256-17084
19761-17086
20578-17084
20794-17084
20133-17084
Low
20364-17086
20417-17084
Low
20624-17084
Low
20713-17084
Low
20769-17086
Low
20905-17084
Low
20877-17086
Low
20934-17086
Low
20967-17084
Low
21137-17084
Low
21256-17084
19761-17086
Low
20578-17084
Low
20794-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20133-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20364-17086
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20417-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20624-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20713-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20769-17086
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20905-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20877-17086
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20934-17086
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20967-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
21137-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
21256-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
19761-17086
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20578-17084
3.1
3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
20794-17084
1.0
2025-09-04T03:23:10
<p>Information published.</p>
3.0
2026-01-03T01:36:35
<p>Information published.</p>
5.0
2026-02-18T15:09:15
<p>Information published.</p>
6.0
2026-03-03T14:50:39
<p>Information published.</p>
9.0
2026-04-29T14:42:21
<p>Information published.</p>
2.0
2025-12-07T01:40:27
<p>Information published.</p>
4.0
2026-01-08T14:40:03
<p>Information published.</p>
7.0
2026-03-04T14:37:14
<p>Information published.</p>
8.0
2026-03-31T15:07:19
<p>Information published.</p>
Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45782
Out-of-bounds Write
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
Moderate
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-04T07:36:59
<p>Information published.</p>
Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0684
Out-of-bounds Write
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
Moderate
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
1.0
2025-09-04T07:58:23
<p>Information published.</p>
Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0685
Out-of-bounds Write
20521-17086
20107-17086
19588-17084
20560-17084
20521-17086
20107-17086
19588-17084
20560-17084
Moderate
20521-17086
Moderate
20107-17086
Moderate
19588-17084
Moderate
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20521-17086
20107-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20107-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-04T08:05:32
<p>Information published.</p>
drm/i915: Fix request ref counting during error capture & debugfs dump
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-52981
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2026-03-03T14:41:29
<p>Information published.</p>
1.0
2025-10-30T01:01:26
<p>Information published.</p>
3.0
2026-03-31T14:52:16
<p>Information published.</p>
PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21831
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Moderate
21093-17086
Moderate
17087-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
2.0
2026-03-03T14:43:49
<p>Information published.</p>
3.0
2026-03-31T14:54:38
<p>Information published.</p>
1.0
2025-10-31T01:02:56
<p>Information published.</p>
drm/amdkfd: Add sync after creating vram bo
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-53009
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2026-03-03T14:45:53
<p>Information published.</p>
3.0
2026-03-31T14:58:16
<p>Information published.</p>
1.0
2025-11-01T01:01:25
<p>Information published.</p>
bnxt: Do not read past the end of test names
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-53010
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2026-03-03T14:46:11
<p>Information published.</p>
3.0
2026-03-31T14:58:39
<p>Information published.</p>
1.0
2025-11-01T01:01:31
<p>Information published.</p>
efi: Don't map the entire mokvar table to determine its size
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21872
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2026-03-03T14:47:26
<p>Information published.</p>
3.0
2026-03-31T14:59:30
<p>Information published.</p>
1.0
2025-11-01T01:01:49
<p>Information published.</p>
uprobes: Reject the shared zeropage in uprobe_write_opcode()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21881
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Moderate
21093-17086
Moderate
17087-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-11-01T01:01:55
<p>Information published.</p>
2.0
2026-03-03T14:47:43
<p>Information published.</p>
3.0
2026-03-31T14:59:55
<p>Information published.</p>
Gnuplot: gnuplot segmentation fault on plot3d_points
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-31176
NULL Pointer Dereference
20005-17084
20003-17086
20005-17084
20003-17086
Moderate
20005-17084
Moderate
20003-17086
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20005-17084
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20003-17086
1.0
2025-09-03T20:54:29
<p>Information published.</p>
iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21833
17087-17086
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21093-17086
21248-17084
19683-17084
20412-17084
20553-17084
20956-17084
21094-17084
21308-17084
21332-17084
21344-17084
17087-17086
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21093-17086
21248-17084
19683-17084
20412-17084
20553-17084
20956-17084
21094-17084
21308-17084
21332-17084
21344-17084
17087-17086
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21093-17086
21248-17084
19683-17084
20412-17084
20553-17084
20956-17084
21094-17084
21308-17084
21332-17084
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T19:54:32
<p>Information published.</p>
2.0
2025-12-07T01:41:29
<p>Information published.</p>
4.0
2026-01-20T14:38:28
<p>Information published.</p>
5.0
2026-02-18T15:13:00
<p>Information published.</p>
6.0
2026-03-03T14:54:26
<p>Information published.</p>
7.0
2026-03-04T14:38:00
<p>Information published.</p>
8.0
2026-03-31T15:13:08
<p>Information published.</p>
9.0
2026-04-29T14:43:27
<p>Information published.</p>
10.0
2026-05-06T14:39:15
<p>Information published.</p>
11.0
2026-05-11T01:39:32
<p>Information published.</p>
3.0
2026-01-08T14:41:05
<p>Information published.</p>
12.0
2026-05-17T14:40:26
<p>Information published.</p>
libxml streams use wrong content-type header when requesting a redirected resource
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2025-1219
Inaccurate Comments
19238-16823
19269-17084
19996-17086
17550-17084
17167-17086
19238-16823
19269-17084
19996-17086
17550-17084
17167-17086
Moderate
19238-16823
Moderate
19269-17084
19996-17086
Moderate
17550-17084
Moderate
17167-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19238-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19269-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19996-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17550-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17167-17086
CBL-Mariner Releases
19238-16823
19996-17086
17167-17086
No
Security Update
8.1.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19238-16823
19996-17086
17167-17086
CBL-Mariner Releases
CBL-Mariner Releases
19269-17084
17550-17084
No
Security Update
8.3.19-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19269-17084
17550-17084
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
3.0
2026-02-18T01:40:05
<p>Information published.</p>
2.0
2025-04-15T00:00:00
<p>Information published.</p>
Arbitrary Code Execution via Crafted Keras Config for Model Loading
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2025-1550
Improper Control of Generation of Code ('Code Injection')
19276-17084
19276-17084
Important
19276-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19276-17084
CBL-Mariner Releases
19276-17084
No
Security Update
3.3.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19276-17084
CBL-Mariner Releases
1.1
2025-08-01T00:00:00
<p>Added keras to Azure Linux 3.0</p>
1.0
2025-03-18T00:00:00
<p>Information published.</p>
Stream HTTP wrapper header check might omit basic auth header
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2025-1736
Improper Input Validation
19996-17086
17550-17084
19238-16823
19269-17084
17167-17086
19996-17086
17550-17084
19238-16823
19269-17084
17167-17086
19996-17086
Moderate
17550-17084
Moderate
19238-16823
Moderate
19269-17084
Moderate
17167-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19996-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17550-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19238-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19269-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17167-17086
CBL-Mariner Releases
19996-17086
19238-16823
17167-17086
No
Security Update
8.1.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19996-17086
19238-16823
17167-17086
CBL-Mariner Releases
CBL-Mariner Releases
17550-17084
19269-17084
No
Security Update
8.3.19-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17550-17084
19269-17084
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
1.1
2025-07-02T00:00:00
<p>Added php to CBL-Mariner 2.0
Added php to Azure Linux 3.0</p>
2.0
2026-02-18T01:41:05
<p>Information published.</p>
smb: client: Add check for next_buffer in receive_encrypted_standard()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21844
NULL Pointer Dereference
17471-17084
17465-17084
17471-17084
17465-17084
Moderate
17471-17084
Moderate
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:31:38
<p>Information published.</p>
nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21848
NULL Pointer Dereference
17103-16823
17465-17084
17471-17084
19682-17086
18490-17086
17103-16823
17465-17084
17471-17084
19682-17086
18490-17086
Moderate
17103-16823
Moderate
17465-17084
Moderate
17471-17084
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T02:25:19
<p>Information published.</p>
bpf: avoid holding freeze_mutex during mmap operation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21853
17471-17084
17465-17084
19682-17086
18490-17086
17471-17084
17465-17084
19682-17086
18490-17086
Moderate
17471-17084
Moderate
17465-17084
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T02:22:05
<p>Information published.</p>
geneve: Fix use-after-free in geneve_find_dev().
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21858
17471-17084
19682-17086
18490-17086
17103-16823
17465-17084
17471-17084
19682-17086
18490-17086
17103-16823
17465-17084
Important
17471-17084
19682-17086
Important
18490-17086
Important
17103-16823
Important
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17103-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T02:30:55
<p>Information published.</p>
USB: gadget: f_midi: f_midi_complete to call queue_work
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21859
Improper Locking
17471-17084
19682-17086
17103-16823
17465-17084
18490-17086
17471-17084
19682-17086
17103-16823
17465-17084
18490-17086
Moderate
17471-17084
19682-17086
Moderate
17103-16823
Moderate
17465-17084
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
2.0
2026-02-18T02:24:08
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
tcp: drop secpath at the same time as we currently drop dst
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21864
NULL Pointer Dereference
17465-17084
17471-17084
17465-17084
17471-17084
Moderate
17465-17084
Moderate
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.1
2026-02-21T02:16:27
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-22870
Misinterpretation of Input
19833-17086
19668-17086
20123-17086
19945-17086
19921-17086
19343-17084
17547-17084
19755-17086
19679-17084
17667-17084
17188-16823
17193-16823
19320-16823
17201-16823
17582-17084
17589-17084
17591-17084
17585-17084
19322-17084
19323-17084
19324-17084
17588-17084
17583-17084
19325-17084
19936-17086
19923-17086
19698-17086
19730-17086
19344-17084
19697-17084
18315-17084
19836-17086
19939-17086
19693-17084
19347-17084
19718-17086
19335-17084
20370-17086
18447-17086
19833-17086
19668-17086
20123-17086
19945-17086
19921-17086
19343-17084
17547-17084
19755-17086
19679-17084
17667-17084
17188-16823
17193-16823
19320-16823
17201-16823
17582-17084
17589-17084
17591-17084
17585-17084
19322-17084
19323-17084
19324-17084
17588-17084
17583-17084
19325-17084
19936-17086
19923-17086
19698-17086
19730-17086
19344-17084
19697-17084
18315-17084
19836-17086
19939-17086
19693-17084
19347-17084
19718-17086
19335-17084
20370-17086
18447-17086
Moderate
19833-17086
Moderate
19668-17086
Moderate
20123-17086
Moderate
19945-17086
Moderate
19921-17086
Low
19343-17084
Moderate
17547-17084
Moderate
19755-17086
Moderate
19679-17084
Moderate
17667-17084
Moderate
17188-16823
Moderate
17193-16823
Moderate
19320-16823
Moderate
17201-16823
Moderate
17582-17084
Moderate
17589-17084
Moderate
17591-17084
Moderate
17585-17084
Moderate
19322-17084
Moderate
19323-17084
Moderate
19324-17084
Moderate
17588-17084
Low
17583-17084
Moderate
19325-17084
Moderate
19936-17086
19923-17086
Moderate
19698-17086
Moderate
19730-17086
Moderate
19344-17084
Moderate
19697-17084
Moderate
18315-17084
Moderate
19836-17086
Moderate
19939-17086
Moderate
19693-17084
Moderate
19347-17084
19718-17086
Moderate
19335-17084
Moderate
20370-17086
Moderate
18447-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19833-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19668-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
20123-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19945-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19921-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
19343-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17547-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19755-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19679-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17667-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17188-16823
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17193-16823
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19320-16823
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17201-16823
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17582-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17589-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17591-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17585-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19322-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19323-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19324-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17588-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
17583-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19325-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19936-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19923-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19698-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19730-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19344-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19697-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
18315-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19836-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19939-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19693-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19347-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19718-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19335-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
20370-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
18447-17086
CBL-Mariner Releases
19833-17086
No
Security Update
2.6.1-22
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19833-17086
CBL-Mariner Releases
CBL-Mariner Releases
20123-17086
No
Security Update
1.22.7-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20123-17086
CBL-Mariner Releases
CBL-Mariner Releases
19945-17086
17201-16823
No
Security Update
1.9.5-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19945-17086
17201-16823
CBL-Mariner Releases
CBL-Mariner Releases
19921-17086
17193-16823
17591-17084
No
Security Update
10.25.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19921-17086
17193-16823
17591-17084
CBL-Mariner Releases
CBL-Mariner Releases
19343-17084
17583-17084
No
Security Update
1.31.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19343-17084
17583-17084
CBL-Mariner Releases
CBL-Mariner Releases
17547-17084
19323-17084
No
Security Update
19.0.4-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17547-17084
19323-17084
CBL-Mariner Releases
CBL-Mariner Releases
19755-17086
No
Security Update
1.18.8-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19755-17086
CBL-Mariner Releases
CBL-Mariner Releases
17188-16823
19939-17086
No
Security Update
1.29.4-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17188-16823
19939-17086
CBL-Mariner Releases
CBL-Mariner Releases
19320-16823
19698-17086
No
Security Update
17.0.7-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19320-16823
19698-17086
CBL-Mariner Releases
CBL-Mariner Releases
17582-17084
No
Security Update
2.45.4-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17582-17084
CBL-Mariner Releases
CBL-Mariner Releases
17589-17084
19335-17084
No
Security Update
1.9.5-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17589-17084
19335-17084
CBL-Mariner Releases
CBL-Mariner Releases
17585-17084
19347-17084
No
Security Update
2.14.1-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17585-17084
19347-17084
CBL-Mariner Releases
CBL-Mariner Releases
19322-17084
No
Security Update
3.6.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19322-17084
CBL-Mariner Releases
CBL-Mariner Releases
19324-17084
No
Security Update
1.7.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19324-17084
CBL-Mariner Releases
CBL-Mariner Releases
17588-17084
19344-17084
No
Security Update
2.7.5-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17588-17084
19344-17084
CBL-Mariner Releases
CBL-Mariner Releases
19325-17084
No
Security Update
0.8.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19325-17084
CBL-Mariner Releases
CBL-Mariner Releases
19936-17086
No
Security Update
3.5.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19936-17086
CBL-Mariner Releases
CBL-Mariner Releases
19836-17086
No
Security Update
2.4.0-29
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19836-17086
CBL-Mariner Releases
1.0
2025-03-27T00:00:00
<p>Information published.</p>
2.0
2025-03-28T00:00:00
<p>Information published.</p>
8.0
2025-04-19T00:00:00
<p>Information published.</p>
1.0
2025-04-24T00:00:00
<p>Information published.</p>
3.0
2025-04-01T00:00:00
<p>Information published.</p>
4.0
2025-04-08T00:00:00
<p>Information published.</p>
5.0
2025-04-11T00:00:00
<p>Information published.</p>
6.0
2025-04-12T00:00:00
<p>Information published.</p>
7.0
2025-04-16T00:00:00
<p>Information published.</p>
9.0
2025-04-22T00:00:00
<p>Information published.</p>
10.0
2025-07-11T00:00:00
<p>Added golang to CBL-Mariner 2.0
Added git-lfs to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added azcopy to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added vitess to CBL-Mariner 2.0
Added prometheus to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added packer to Azure Linux 3.0
Added azcopy to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added git-lfs to Azure Linux 3.0
Added prometheus-process-exporter to Azure Linux 3.0
Added prometheus-node-exporter to Azure Linux 3.0
Added vitess to Azure Linux 3.0
Added telegraf to Azure Linux 3.0</p>
11.0
2026-02-18T02:16:11
<p>Information published.</p>
cifs.upcall makes an upcall to the wrong namespace in containerized environments
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat-cnalr
Yes
CVE-2025-2312
Exposure of Data Element to Wrong Session
19978-17086
19981-17084
19355-17084
19978-17086
19981-17084
19355-17084
Moderate
19978-17086
Moderate
19981-17084
Moderate
19355-17084
5.9
5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19978-17086
5.9
5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19981-17084
5.9
5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
19355-17084
CBL-Mariner Releases
19978-17086
No
Security Update
6.14-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19978-17086
CBL-Mariner Releases
CBL-Mariner Releases
19981-17084
19355-17084
No
Security Update
7.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19981-17084
19355-17084
CBL-Mariner Releases
2.1
2026-02-18T01:36:26
<p>Information published.</p>
1.0
2025-04-08T00:00:00
<p>Information published.</p>
2.0
2025-04-09T00:00:00
<p>Information published.</p>
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-24855
Use After Free
20191-17086
20197-17084
17469-17084
20191-17086
20197-17084
17469-17084
Important
20191-17086
Important
20197-17084
Important
17469-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
20191-17086
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
20197-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
17469-17084
CBL-Mariner Releases
20191-17086
No
Security Update
1.1.34-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20191-17086
CBL-Mariner Releases
CBL-Mariner Releases
20197-17084
17469-17084
No
Security Update
1.1.43-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20197-17084
17469-17084
CBL-Mariner Releases
2.0
2025-04-01T00:00:00
<p>Information published.</p>
1.0
2025-03-25T00:00:00
<p>Information published.</p>
2.1
2026-02-18T14:42:46
<p>Information published.</p>
Hercules Augeas fa.c re_case_expand null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2588
NULL Pointer Dereference
20335-17086
19368-17084
20335-17086
19368-17084
Moderate
20335-17086
Moderate
19368-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20335-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19368-17084
CBL-Mariner Releases
20335-17086
19368-17084
No
Security Update
1.12.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20335-17086
19368-17084
CBL-Mariner Releases
1.0
2025-04-08T00:00:00
<p>Information published.</p>
2.0
2025-04-16T00:00:00
<p>Information published.</p>
2.1
2026-02-18T15:08:41
<p>Information published.</p>
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-27219
Allocation of Resources Without Limits or Throttling
19723-17086
19393-17084
19723-17086
19393-17084
Moderate
19723-17086
Moderate
19393-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19723-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19393-17084
CBL-Mariner Releases
19723-17086
No
Security Update
3.1.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19723-17086
CBL-Mariner Releases
CBL-Mariner Releases
19393-17084
No
Security Update
3.3.5-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19393-17084
CBL-Mariner Releases
1.0
2025-03-19T00:00:00
<p>Information published.</p>
2.0
2025-04-19T00:00:00
<p>Information published.</p>
2.1
2026-02-18T01:26:43
<p>Information published.</p>
Improper Input Validation in Vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-27423
Improper Neutralization of Special Elements used in a Command ('Command Injection')
19268-17084
19744-17086
19395-16823
19396-17084
19268-17084
19744-17086
19395-16823
19396-17084
Important
19268-17084
Important
19744-17086
Important
19395-16823
Important
19396-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
19268-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
19744-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
19395-16823
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
19396-17084
CBL-Mariner Releases
19268-17084
19744-17086
19395-16823
19396-17084
No
Security Update
9.1.1164-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19268-17084
19744-17086
19395-16823
19396-17084
CBL-Mariner Releases
2.0
2025-03-14T00:00:00
<p>Information published.</p>
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.1
2026-02-18T01:06:28
<p>Information published.</p>
PyTorch torch.mkldnn_max_pool2d denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-2953
Improper Resource Shutdown or Release
19407-17084
19949-17086
19407-17084
19949-17086
Moderate
19407-17084
Moderate
19949-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19407-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19949-17086
CBL-Mariner Releases
19407-17084
No
Security Update
2.2.2-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19407-17084
CBL-Mariner Releases
CBL-Mariner Releases
19949-17086
No
Security Update
2.0.0-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19949-17086
CBL-Mariner Releases
1.0
2025-05-27T00:00:00
<p>Information published.</p>
2.1
2026-02-21T03:37:40
<p>Information published.</p>
2.0
2025-07-11T00:00:00
<p>Added pytorch to CBL-Mariner 2.0
Added pytorch to Azure Linux 3.0</p>
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-29923
Improper Input Validation
19343-17084
20739-17084
20797-17084
21127-17084
21258-17084
19414-17084
19347-17084
20969-17084
19343-17084
20739-17084
20797-17084
21127-17084
21258-17084
19414-17084
19347-17084
20969-17084
Low
19343-17084
Low
20739-17084
Low
20797-17084
Low
21127-17084
Low
21258-17084
Low
19414-17084
19347-17084
Low
20969-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19343-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20739-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20797-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
21127-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
21258-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19414-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19347-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20969-17084
CBL-Mariner Releases
19414-17084
19347-17084
No
Security Update
2.14.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19414-17084
19347-17084
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
2.0
2025-12-07T01:41:41
<p>Information published.</p>
3.0
2026-01-08T14:41:17
<p>Information published.</p>
4.0
2026-03-04T14:38:09
<p>Information published.</p>
5.0
2026-03-31T15:13:52
<p>Information published.</p>
6.0
2026-04-29T14:43:40
<p>Information published.</p>
jwt-go allows excessive memory allocation during header parsing
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-30204
Asymmetric Resource Consumption (Amplification)
19895-17084
17580-17084
19908-17084
19343-17084
19335-17084
19340-17084
19921-17086
19934-17086
19817-17086
19939-17086
19945-17086
20370-17086
19415-16823
19416-16823
19417-16823
19418-16823
19419-16823
17200-16823
19420-16823
19421-16823
19422-16823
19424-17084
17524-17084
19425-17084
19426-17084
19414-17084
19427-17084
19428-17084
19429-17084
19430-17084
19431-17084
19432-17084
19433-17084
19434-17084
17582-17084
17591-17084
19729-17084
19347-17084
19923-17086
19789-17086
19912-17086
19867-17086
19720-17086
19761-17086
18201-17086
19895-17084
17580-17084
19908-17084
19343-17084
19335-17084
19340-17084
19921-17086
19934-17086
19817-17086
19939-17086
19945-17086
20370-17086
19415-16823
19416-16823
19417-16823
19418-16823
19419-16823
17200-16823
19420-16823
19421-16823
19422-16823
19424-17084
17524-17084
19425-17084
19426-17084
19414-17084
19427-17084
19428-17084
19429-17084
19430-17084
19431-17084
19432-17084
19433-17084
19434-17084
17582-17084
17591-17084
19729-17084
19347-17084
19923-17086
19789-17086
19912-17086
19867-17086
19720-17086
19761-17086
18201-17086
Important
19895-17084
Important
17580-17084
Important
19908-17084
Important
19343-17084
Important
19335-17084
Important
19340-17084
Important
19921-17086
Important
19934-17086
Important
19817-17086
Important
19939-17086
Important
19945-17086
Important
20370-17086
Important
19415-16823
Important
19416-16823
Important
19417-16823
Important
19418-16823
Important
19419-16823
Important
17200-16823
Important
19420-16823
Important
19421-16823
Important
19422-16823
Important
19424-17084
Important
17524-17084
Important
19425-17084
Important
19426-17084
Important
19414-17084
Important
19427-17084
Important
19428-17084
Important
19429-17084
Important
19430-17084
Important
19431-17084
Important
19432-17084
Important
19433-17084
Important
19434-17084
Important
17582-17084
Important
17591-17084
Important
19729-17084
Important
19347-17084
19923-17086
Important
19789-17086
19912-17086
Important
19867-17086
Important
19720-17086
Important
19761-17086
Important
18201-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19895-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17580-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19908-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19343-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19335-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19340-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19921-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19934-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19817-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19939-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19945-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20370-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19415-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19416-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19417-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19418-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19419-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17200-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19420-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19421-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19422-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19424-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17524-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19425-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19426-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19414-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19427-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19428-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19429-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19430-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19431-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19432-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19433-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19434-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17582-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17591-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19729-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19347-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19923-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19789-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19912-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19867-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19720-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19761-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18201-17086
CBL-Mariner Releases
19895-17084
19434-17084
No
Security Update
0.24.2-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19895-17084
19434-17084
CBL-Mariner Releases
CBL-Mariner Releases
17580-17084
19934-17086
17200-16823
19431-17084
No
Security Update
3.5.21-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17580-17084
19934-17086
17200-16823
19431-17084
CBL-Mariner Releases
CBL-Mariner Releases
19908-17084
19428-17084
No
Security Update
1.11.4-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19908-17084
19428-17084
CBL-Mariner Releases
CBL-Mariner Releases
19343-17084
19425-17084
No
Security Update
1.31.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19343-17084
19425-17084
CBL-Mariner Releases
CBL-Mariner Releases
19335-17084
17524-17084
No
Security Update
1.9.5-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19335-17084
17524-17084
CBL-Mariner Releases
CBL-Mariner Releases
19340-17084
19424-17084
No
Security Update
1.30.10-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19340-17084
19424-17084
CBL-Mariner Releases
CBL-Mariner Releases
19921-17086
No
Security Update
10.25.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19921-17086
CBL-Mariner Releases
CBL-Mariner Releases
19817-17086
19418-16823
No
Security Update
1.11.2-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19817-17086
19418-16823
CBL-Mariner Releases
CBL-Mariner Releases
19939-17086
19417-16823
No
Security Update
1.29.4-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19939-17086
19417-16823
CBL-Mariner Releases
CBL-Mariner Releases
19945-17086
19415-16823
No
Security Update
1.9.5-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19945-17086
19415-16823
CBL-Mariner Releases
CBL-Mariner Releases
19416-16823
19761-17086
No
Security Update
1.28.4-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19416-16823
19761-17086
CBL-Mariner Releases
CBL-Mariner Releases
19419-16823
19720-17086
No
Security Update
2.37.9-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19419-16823
19720-17086
CBL-Mariner Releases
CBL-Mariner Releases
19420-16823
19867-17086
No
Security Update
1.11.1-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19420-16823
19867-17086
CBL-Mariner Releases
CBL-Mariner Releases
19421-16823
19912-17086
18201-17086
No
Security Update
1.3.2-24
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19421-16823
19912-17086
18201-17086
CBL-Mariner Releases
CBL-Mariner Releases
19422-16823
19789-17086
No
Security Update
24.0.9-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19422-16823
19789-17086
CBL-Mariner Releases
CBL-Mariner Releases
19426-17084
No
Security Update
1.7.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19426-17084
CBL-Mariner Releases
CBL-Mariner Releases
19414-17084
19347-17084
No
Security Update
2.14.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19414-17084
19347-17084
CBL-Mariner Releases
CBL-Mariner Releases
19427-17084
19729-17084
No
Security Update
25.0.3-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19427-17084
19729-17084
CBL-Mariner Releases
CBL-Mariner Releases
19429-17084
No
Security Update
2.3.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19429-17084
CBL-Mariner Releases
CBL-Mariner Releases
19430-17084
17591-17084
No
Security Update
10.25.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19430-17084
17591-17084
CBL-Mariner Releases
CBL-Mariner Releases
19432-17084
No
Security Update
1.12.15-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19432-17084
CBL-Mariner Releases
CBL-Mariner Releases
19433-17084
17582-17084
No
Security Update
2.45.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19433-17084
17582-17084
CBL-Mariner Releases
1.0
2025-04-01T00:00:00
<p>Information published.</p>
5.0
2025-04-23T00:00:00
<p>Information published.</p>
2.0
2025-04-08T00:00:00
<p>Information published.</p>
3.0
2025-04-11T00:00:00
<p>Information published.</p>
4.0
2025-04-12T00:00:00
<p>Information published.</p>
6.0
2025-04-26T00:00:00
<p>Information published.</p>
7.0
2026-02-18T01:30:15
<p>Information published.</p>
RabbitMQ has XSS Vulnerability in an Error Message in Management UI
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-30219
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
19983-17086
19440-17084
19983-17086
19440-17084
Moderate
19983-17086
Moderate
19440-17084
6.1
6.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
19983-17086
6.1
6.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
19440-17084
CBL-Mariner Releases
19983-17086
No
Security Update
3.11.24-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19983-17086
CBL-Mariner Releases
CBL-Mariner Releases
19440-17084
No
Security Update
3.13.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19440-17084
CBL-Mariner Releases
1.0
2025-04-08T00:00:00
<p>Information published.</p>
2.1
2026-02-18T01:37:27
<p>Information published.</p>
2.0
2025-04-16T00:00:00
<p>Information published.</p>
containerd has an integer overflow in User ID handling
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2024-40635
Integer Overflow or Wraparound
17461-17084
17467-17084
17468-17084
19845-17086
19972-17084
19848-17086
17461-17084
17467-17084
17468-17084
19845-17086
19972-17084
19848-17086
Moderate
17461-17084
Moderate
17467-17084
Moderate
17468-17084
Moderate
19845-17086
Moderate
19972-17084
Moderate
19848-17086
4.6
4.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
17461-17084
4.6
4.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
17467-17084
4.6
4.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
17468-17084
4.6
4.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
19845-17086
4.6
4.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
19972-17084
4.6
4.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
19848-17086
CBL-Mariner Releases
17461-17084
No
Security Update
1.7.7-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17461-17084
CBL-Mariner Releases
CBL-Mariner Releases
17467-17084
19972-17084
No
Security Update
2.0.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17467-17084
19972-17084
CBL-Mariner Releases
CBL-Mariner Releases
17468-17084
No
Security Update
1.7.13-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17468-17084
CBL-Mariner Releases
CBL-Mariner Releases
19845-17086
No
Security Update
1.6.26-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19845-17086
CBL-Mariner Releases
CBL-Mariner Releases
19848-17086
No
Security Update
1.7.7-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19848-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
1.1
2026-02-18T15:02:44
<p>Information published.</p>
ubifs: skip dumping tnc tree when zroot is null
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58058
NULL Pointer Dereference
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:19:05
<p>Information published.</p>
team: prevent adding a device which is already a team device lower
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58071
Improper Locking
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:20:40
<p>Information published.</p>
clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58076
NULL Pointer Dereference
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:16:20
<p>Information published.</p>
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-8176
Uncontrolled Recursion
17470-17084
20047-17086
20210-17086
19681-17086
17464-17084
17604-17084
17470-17084
20047-17086
20210-17086
19681-17086
17464-17084
17604-17084
Important
17470-17084
Important
20047-17086
Important
20210-17086
Important
19681-17086
Important
17464-17084
Important
17604-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17470-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20047-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20210-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19681-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17464-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17604-17084
CBL-Mariner Releases
17470-17084
20210-17086
No
Security Update
2.6.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17470-17084
20210-17086
CBL-Mariner Releases
2.1
2026-02-21T02:38:52
<p>Information published.</p>
1.0
2025-03-26T00:00:00
<p>Information published.</p>
2.0
2025-04-12T00:00:00
<p>Information published.</p>
KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21839
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:45:17
<p>Information published.</p>
ibmvnic: Don't reference skb after sending to VIOS
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21855
18490-17086
17471-17084
19682-17086
18490-17086
17471-17084
19682-17086
Important
18490-17086
Important
17471-17084
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
2.0
2026-02-21T02:15:21
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21865
Out-of-bounds Write
17471-17084
17471-17084
Moderate
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:22:59
<p>Information published.</p>
RDMA/mlx5: Fix a WARN during dereg_mr for DM type
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21888
19683-17084
20412-17084
20725-17084
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20553-17084
17087-17086
20613-17084
20788-17084
20956-17084
21308-17084
21344-17084
19683-17084
20412-17084
20725-17084
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20553-17084
17087-17086
20613-17084
20788-17084
20956-17084
21308-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20925-17086
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
Moderate
21332-17084
Moderate
20553-17084
Moderate
17087-17086
Moderate
20613-17084
Moderate
20788-17084
Moderate
20956-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:40:40
<p>Information published.</p>
4.0
2026-01-20T14:50:26
<p>Information published.</p>
8.0
2026-03-31T15:18:28
<p>Information published.</p>
9.0
2026-04-29T14:56:00
<p>Information published.</p>
1.0
2025-09-03T22:06:02
<p>Information published.</p>
3.0
2026-01-08T14:37:41
<p>Information published.</p>
5.0
2026-02-19T01:51:54
<p>Information published.</p>
6.0
2026-03-03T14:44:39
<p>Information published.</p>
7.0
2026-03-04T14:45:07
<p>Information published.</p>
10.0
2026-05-06T14:49:43
<p>Information published.</p>
11.0
2026-05-11T01:48:07
<p>Information published.</p>
12.0
2026-05-17T14:49:07
<p>Information published.</p>
ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21870
20613-17084
20725-17084
20956-17084
21094-17084
19683-17084
20412-17084
20553-17084
20788-17084
20823-17084
20860-17084
21248-17084
21308-17084
21332-17084
21344-17084
20613-17084
20725-17084
20956-17084
21094-17084
19683-17084
20412-17084
20553-17084
20788-17084
20823-17084
20860-17084
21248-17084
21308-17084
21332-17084
21344-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20956-17084
Moderate
21094-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T22:08:37
<p>Information published.</p>
2.0
2025-12-07T01:40:50
<p>Information published.</p>
5.0
2026-02-19T01:52:00
<p>Information published.</p>
6.0
2026-03-04T14:45:14
<p>Information published.</p>
7.0
2026-03-31T15:18:35
<p>Information published.</p>
10.0
2026-05-11T01:48:16
<p>Information published.</p>
3.0
2026-01-08T14:37:51
<p>Information published.</p>
4.0
2026-01-20T14:50:35
<p>Information published.</p>
8.0
2026-04-30T01:48:36
<p>Information published.</p>
9.0
2026-05-06T14:49:50
<p>Information published.</p>
11.0
2026-05-17T14:49:15
<p>Information published.</p>
f2fs: initialize locks earlier in f2fs_fill_super()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49742
Improper Locking
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-09-03T23:31:05
<p>Information published.</p>
2.0
2026-03-03T15:01:42
<p>Information published.</p>
3.0
2026-03-31T14:47:10
<p>Information published.</p>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-53001
20036-17086
20036-17086
20036-17086
1.0
2025-09-04T00:24:12
<p>Information published.</p>
Potential iSCSI R2T PDU Vulnerability
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
TianoCore
Yes
CVE-2025-2295
Integer Overflow or Wraparound
19733-17086
19662-17086
17459-17084
20377-17086
20378-17086
20779-17086
20780-17086
20900-17086
20128-17084
20132-17086
20577-17084
20793-17084
20898-17084
20899-17086
17093-17086
19733-17086
19662-17086
17459-17084
20377-17086
20378-17086
20779-17086
20780-17086
20900-17086
20128-17084
20132-17086
20577-17084
20793-17084
20898-17084
20899-17086
17093-17086
19733-17086
19662-17086
Low
17459-17084
Low
20377-17086
Low
20378-17086
Low
20779-17086
Low
20780-17086
Low
20900-17086
Low
20128-17084
20132-17086
Low
20577-17084
Low
20793-17084
Low
20898-17084
Low
20899-17086
Low
17093-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
19733-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
19662-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
17459-17084
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20377-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20378-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20779-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20780-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20900-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20128-17084
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20132-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20577-17084
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20793-17084
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20898-17084
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
20899-17086
3.5
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
17093-17086
CBL-Mariner Releases
20900-17086
No
Security Update
1.0.1-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20900-17086
CBL-Mariner Releases
CBL-Mariner Releases
20898-17084
No
Security Update
20240524git3e722403cd16-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20898-17084
CBL-Mariner Releases
CBL-Mariner Releases
20899-17086
No
Security Update
20230301gitf80f052277c8-45
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20899-17086
CBL-Mariner Releases
2.0
2026-01-03T01:36:30
<p>Information published.</p>
3.0
2026-01-08T14:39:00
<p>Information published.</p>
4.0
2026-02-18T14:59:30
<p>Information published.</p>
1.0
2025-09-04T01:04:20
<p>Information published.</p>
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-27809
Initialization of a Resource with an Insecure Default
19662-17086
17459-17084
17093-17086
19662-17086
17459-17084
17093-17086
19662-17086
Moderate
17459-17084
Moderate
17093-17086
5.4
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
19662-17086
5.4
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
17459-17084
5.4
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
17093-17086
1.0
2025-09-04T04:49:10
<p>Information published.</p>
2.0
2026-02-18T02:56:16
<p>Information published.</p>
Grub2: fs/tar: integer overflow causes heap oob write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45780
Out-of-bounds Write
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
Moderate
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
1.0
2025-09-04T06:35:46
<p>Information published.</p>
Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45779
Integer Overflow or Wraparound
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
Moderate
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
19588-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
20107-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
20521-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
20560-17084
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
1.0
2025-09-04T06:42:54
<p>Information published.</p>
Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0689
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
Moderate
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
1.0
2025-09-04T06:48:57
<p>Information published.</p>
Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-1125
Out-of-bounds Write
20521-17086
19588-17084
20107-17086
20560-17084
20521-17086
19588-17084
20107-17086
20560-17084
Moderate
20521-17086
Moderate
19588-17084
Moderate
20107-17086
Moderate
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20521-17086
20107-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20107-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-04T06:54:25
<p>Information published.</p>
Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0678
Integer Overflow or Wraparound
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
Moderate
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20521-17086
20107-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20107-17086
CBL-Mariner Releases
1.0
2025-09-04T07:43:19
<p>Information published.</p>
Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0686
Out-of-bounds Write
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
Moderate
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
1.0
2025-09-04T07:49:23
<p>Information published.</p>
Grub2: fs/bfs: integer overflow in the bfs parser.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45778
Integer Overflow or Wraparound
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
Moderate
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20107-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19588-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20521-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20560-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-04T08:11:42
<p>Information published.</p>
rxrpc: Fix handling of received connection abort
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58053
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
1.0
2025-10-29T01:01:32
<p>Information published.</p>
3.0
2026-03-31T14:49:27
<p>Information published.</p>
2.0
2026-03-03T14:40:56
<p>Information published.</p>
usb: gadget: core: flush gadget workqueue after device removal
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21838
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:44:06
<p>Information published.</p>
3.0
2026-03-31T14:54:59
<p>Information published.</p>
1.0
2025-10-31T01:03:01
<p>Information published.</p>
thermal: core: call put_device() only after device_register() fails
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-53012
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Low
21093-17086
Low
17087-17086
Low
20925-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
21093-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
17087-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20925-17086
1.0
2025-11-01T01:01:36
<p>Information published.</p>
2.0
2026-03-03T14:46:31
<p>Information published.</p>
3.0
2026-03-31T14:59:06
<p>Information published.</p>
PyTorch torch.nn.utils.rnn.pad_packed_sequence memory corruption
Mariner
VulDB
Yes
CVE-2025-2998
Improper Restriction of Operations within the Bounds of a Memory Buffer
19407-17084
19949-17086
19407-17084
19949-17086
Moderate
19407-17084
Moderate
19949-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19407-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19949-17086
1.0
2025-11-15T01:01:24
<p>Information published.</p>
PyTorch torch.lstm_cell memory corruption
Mariner
VulDB
Yes
CVE-2025-3001
Improper Restriction of Operations within the Bounds of a Memory Buffer
20694-17086
20729-17084
20799-17084
20874-17086
20694-17086
20729-17084
20799-17084
20874-17086
Moderate
20694-17086
Moderate
20729-17084
Moderate
20799-17084
Moderate
20874-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20694-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20729-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20799-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20874-17086
CBL-Mariner Releases
20694-17086
20874-17086
No
Security Update
2.0.0-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20694-17086
20874-17086
CBL-Mariner Releases
CBL-Mariner Releases
20729-17084
20799-17084
No
Security Update
2.2.2-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20729-17084
20799-17084
CBL-Mariner Releases
1.0
2025-12-25T01:06:25
<p>Information published.</p>
2.0
2025-12-25T01:38:09
<p>Information published.</p>
3.0
2026-01-05T01:38:00
<p>Information published.</p>
4.0
2026-01-08T14:42:11
<p>Information published.</p>
5.0
2026-02-18T02:40:12
<p>Information published.</p>
Gnuplot: gnuplot segmentation fault on x11_graphics
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-31181
NULL Pointer Dereference
20003-17086
20005-17084
20003-17086
20005-17084
Moderate
20003-17086
Moderate
20005-17084
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20003-17086
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20005-17084
1.0
2025-09-03T21:08:11
<p>Information published.</p>
Gnuplot: gnuplot segmentation fault on xstrftime
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-31179
NULL Pointer Dereference
20003-17086
20005-17084
20003-17086
20005-17084
Moderate
20003-17086
Moderate
20005-17084
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20003-17086
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20005-17084
1.0
2025-09-03T21:05:02
<p>Information published.</p>
atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-31160
Reachable Assertion
19971-17086
20689-17086
19974-17084
20741-17084
19971-17086
20689-17086
19974-17084
20741-17084
Low
19971-17086
Low
20689-17086
Low
19974-17084
Low
20741-17084
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
19971-17086
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20689-17086
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
19974-17084
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20741-17084
CBL-Mariner Releases
19971-17086
20689-17086
No
Security Update
2.6.0-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19971-17086
20689-17086
CBL-Mariner Releases
CBL-Mariner Releases
19974-17084
20741-17084
No
Security Update
2.9.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19974-17084
20741-17084
CBL-Mariner Releases
1.0
2025-09-03T20:44:50
<p>Information published.</p>
4.0
2025-12-06T14:35:36
<p>Information published.</p>
5.0
2025-12-07T01:41:54
<p>Information published.</p>
2.0
2025-11-20T01:34:52
<p>Information published.</p>
3.0
2025-12-01T01:35:44
<p>Information published.</p>
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
<p>Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.</p>
<p>Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.</p>
<p>Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.</p>
<p><strong>Why are we publishing this Kubernetes CVE in the Security Update Guide?</strong></p>
<p>We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster.</p>
<p><strong>How do I know if I am affected by these vulnerabilities?</strong></p>
<p>If you are running your own <strong>Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions</strong> (v1.11.5 and v1.12.1).</p>
<p><strong>If you are using the</strong> <a href="http://learn.microsoft.com/en-us/azure/aks/app-routing">Managed NGINX ingress with the application routing add-on</a> on AKS, the patches are being rolled out to all regions and should be completed in a few days. No customer action is required.</p>
<p>The status of the AKS deployment can be monitored here: <a href="https://releases.aks.azure.com/">AKS Release Status</a>.</p>
<p><strong>Where can I find more information about these vulnerabilities?</strong></p>
<table>
<thead>
<tr>
<th>CVE ID</th>
<th>Link to Github Issue</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098">CVE-2025-1098</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131008">Github 131008</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974">CVE-2025-1974</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131009">Github 131009</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097">CVE-2025-1097</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131007">Github 131007</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514">CVE-2025-24514</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131006">Github 131006</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513">CVE-2025-24513</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131005">Github 131005</a></td>
</tr>
</tbody>
</table>
Microsoft Azure Kubernetes Service
Kubernetes
Yes
CVE-2025-24513
11870
11870
11870
1.0
2025-03-24T07:00:00
<p>Information published.</p>
Windows Remote Desktop Services Remote Code Execution Vulnerability
<p>Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p>
Windows Remote Desktop Services
Microsoft
Yes
CVE-2025-24035
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
ʌ!ɔ⊥ojv with Kunlun Lab
Anonymous
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability
<p><strong>Why is this Synaptics CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is Synaptics' Audio Effects component, which is consumed by Microsoft Windows. It is being documented in the Security Update Guide to announce that the latest builds of Windows are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
Microsoft Windows
Synaptics, Inc.
Yes
CVE-2024-9157
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
<a href="https://www.facebook.com/hantwister/">Harrison Neal</a> with <a href="https://www.patchadvisor.com/">PatchAdvisor</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32 Kernel Subsystem
Microsoft
Yes
CVE-2025-24044
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Benjamin Rodes from Microsoft
<a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-12-17T08:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
WinDbg Remote Code Execution Vulnerability
<p>Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
.NET
Microsoft
Yes
CVE-2025-24043
Improper Verification of Cryptographic Signature
12498
Remote Code Execution
12498
Important
12498
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12498
Release Notes
https://apps.microsoft.com/detail/WinDbg Preview/9PGJGD53TN86?launch=true&mode=mini
12498
Maybe
Security Update
1.2502.25002.0
https://learn.microsoft.com/en-us/windows-hardware/drivers/debuggercmds/windbg-release-notes#12502250020
12498
Release Notes
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-24057
Heap-based Buffer Overflow
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002693
https://www.microsoft.com/en-us/download/details.aspx?id=108030
5002686
10753
10754
Maybe
Security Update
16.0.5491.1001
https://support.microsoft.com/help/5002693
10753
10754
5002693
0x140ce(Peace & Love)
1.0
2025-03-11T07:00:00
<p>Information published.</p>
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
<p>Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
ASP.NET Core & Visual Studio
Microsoft
Yes
CVE-2025-24070
Weak Authentication
12256
12507
12459
12506
12271
12322
Elevation of Privilege
12256
Elevation of Privilege
12507
Elevation of Privilege
12459
Elevation of Privilege
12506
Elevation of Privilege
12271
Elevation of Privilege
12322
Important
12256
Important
12507
Important
12459
Important
12506
Important
12271
Important
12322
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
12256
7.0
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
12507
7.0
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
12459
7.0
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
12506
7.0
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
12271
7.0
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
12322
5054229
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
12256
Maybe
Security Update
8.0.14
https://support.microsoft.com/help/5054229
12256
5054229
5054230
https://dotnet.microsoft.com/en-us/download/dotnet/9.0
12507
Maybe
Security Update
9.0.3
https://support.microsoft.com/help/5054230
12507
5054230
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.6
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13
12506
Maybe
Security Update
17.13.3
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12506
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.19
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.12
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Zahid TOKAT
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-24077
Use After Free
11762
11763
11951
12420
12421
12440
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Important
11762
Important
11763
Important
11951
Important
12420
Important
12421
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-24078
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002662
https://www.microsoft.com/en-us/download/details.aspx?id=108028
5002619
10746
10747
Maybe
Security Update
16.0.18526.20080
https://support.microsoft.com/help/5002662
10746
10747
5002662
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-24079
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002662
https://www.microsoft.com/en-us/download/details.aspx?id=108028
5002619
10746
10747
Maybe
Security Update
16.0.18526.20080
https://support.microsoft.com/help/5002662
10746
10747
5002662
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-24080
Use After Free
11573
11574
11762
11763
11952
11953
12420
12421
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
10753
Remote Code Execution
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002693
https://www.microsoft.com/en-us/download/details.aspx?id=108030
5002686
10753
10754
Maybe
Security Update
16.0.5491.1001
https://support.microsoft.com/help/5002693
10753
10754
5002693
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-24081
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002690
https://www.microsoft.com/en-us/download/details.aspx?id=108026
5002679
10836
Maybe
Security Update
16.0.10416.20073
https://support.microsoft.com/help/5002690
10836
5002690
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002696
https://www.microsoft.com/en-us/download/details.aspx?id=108022
5002687
10739
10740
Maybe
Security Update
16.0.5491.1000
https://support.microsoft.com/help/5002696
10739
10740
5002696
5002694
https://www.microsoft.com/en-us/download/details.aspx?id=108029
5002684
10739
10740
Maybe
Security Update
16.0.5491.1000
https://support.microsoft.com/help/5002696
10739
10740
5002694
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-24082
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002690
https://www.microsoft.com/en-us/download/details.aspx?id=108026
5002679
10836
Maybe
Security Update
16.0.10416.20073
https://support.microsoft.com/help/5002690
10836
5002690
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002696
https://www.microsoft.com/en-us/download/details.aspx?id=108022
5002687
10739
10740
Maybe
Security Update
16.0.5491.1000
https://support.microsoft.com/help/5002696
10739
10740
5002696
f4
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-24083
Untrusted Pointer Dereference
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002693
https://www.microsoft.com/en-us/download/details.aspx?id=108030
5002686
10753
10754
Maybe
Security Update
16.0.5491.1001
https://support.microsoft.com/help/5002693
10753
10754
5002693
0x140ce(Peace & Love)
Exodus Intelligence Vendor Disclosure Team with <a href="https://exodusintel.com/">Exodus Intelligence</a>
Exodus Intelligence Vendor Disclosure Team with <a href="https://exodusintel.com/">Exodus Intelligence</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Azure Promptflow Remote Code Execution Vulnerability
<p>Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>While an attacker can access some data, that data is not customer’s data, or any highly sensitive/critical information; furthermore an attacker cannot affect the availability of the product.</p>
Azure PromptFlow
Microsoft
Yes
CVE-2025-24986
Improper Isolation or Compartmentalization
12509
12510
Remote Code Execution
12509
Remote Code Execution
12510
Important
12509
Important
12510
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12509
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12510
Release Notes
https://pypi.org/project/promptflow-core/1.17.2/
12509
No
Security Update
1.17.2
https://microsoft.github.io/promptflow/reference/changelog/promptflow-core.html#v1-17-2-2025-1-23
12509
Release Notes
Release Notes
https://pypi.org/project/promptflow-tools/1.6.0/
12510
No
Security Update
1.6.0
https://pypi.org/project/promptflow-tools/1.6.0/
12510
Release Notes
l1k3beef
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
<p>Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows USB Video Driver
Microsoft
Yes
CVE-2025-24987
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Adel and Benjamin Rodes
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
<p>Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows USB Video Driver
Microsoft
Yes
CVE-2025-24988
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Adel and Benjamin Rodes.
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows exFAT File System Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p>
<p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p>
Windows exFAT File System
Microsoft
Yes
CVE-2025-21180
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
<a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Kernel Streaming WOW Thunk Service Driver
Microsoft
Yes
CVE-2025-24995
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
NTLM Hash Disclosure Spoofing Vulnerability
<p>External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.</p>
Windows NTLM
Microsoft
Yes
CVE-2025-24996
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12085
Spoofing
12086
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10729
Spoofing
10735
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Aakriti Shukla with Microsoft
1.0
2025-03-11T07:00:00
<p>Information published.</p>
DirectX Graphics Kernel File Denial of Service Vulnerability
<p>Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.</p>
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.</p>
Windows Kernel Memory
Microsoft
Yes
CVE-2025-24997
NULL Pointer Dereference
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
Benoît Sevens and Vlad Stolyarov of Google Threat Analysis Group
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-03-13T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
Visual Studio Elevation of Privilege Vulnerability
<p>Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L), privileges are low (PR:L), and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires an authenticated attacker to place a specially crafted .dll file in a local network location. When a victim runs this file, it loads the malicious DLL.</p>
Visual Studio
Microsoft
Yes
CVE-2025-24998
Uncontrolled Search Path Element
12506
12459
11600
11935
12271
12322
Elevation of Privilege
12506
Elevation of Privilege
12459
Elevation of Privilege
11600
Elevation of Privilege
11935
Elevation of Privilege
12271
Elevation of Privilege
12322
Important
12506
Important
12459
Important
11600
Important
11935
Important
12271
Important
12322
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12506
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11600
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11935
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13
12506
Maybe
Security Update
17.13.3
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12506
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.6
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
15.9.71
https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes
11600
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.45
https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11
11935
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.19
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.12
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Polar Penguin
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Visual Studio Elevation of Privilege Vulnerability
<p>Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>The attacker would gain the rights of the user that is running the affected application.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Visual Studio
Microsoft
Yes
CVE-2025-25003
Uncontrolled Search Path Element
11935
12271
12322
12459
12506
Elevation of Privilege
11935
Elevation of Privilege
12271
Elevation of Privilege
12322
Elevation of Privilege
12459
Elevation of Privilege
12506
Important
11935
Important
12271
Important
12322
Important
12459
Important
12506
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11935
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12506
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.45
https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11
11935
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.19
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.12
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.6
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13
12506
Maybe
Security Update
17.13.3
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12506
Release Notes
<a href="https://github.com/ycdxsb">ycdxsb</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Server Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker would be able to delete targeted files on a system.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to major loss on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
Microsoft Windows
Microsoft
Yes
CVE-2025-25008
Improper Link Resolution Before File Access ('Link Following')
11571
11924
12436
10816
10855
11572
11923
12244
12437
Elevation of Privilege
11571
Elevation of Privilege
11924
Elevation of Privilege
12436
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
12244
Elevation of Privilege
12437
Important
11571
Important
11924
Important
12436
Important
10816
Important
10855
Important
11572
Important
11923
Important
12244
Important
12437
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11571
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11924
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12436
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10816
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10855
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11572
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11923
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12244
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12437
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11924
11923
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11924
11923
5053603
5053638
5052106
11924
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11924
11923
5053638
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12436
12437
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12436
12437
5053598
5053598
https://support.microsoft.com/help/5053598
12436
12437
5053636
5052105
12436
12437
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12436
12437
5053636
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10816
10855
5053594
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
Lockheed Martin Red Team
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-03-23T07:00:00
<p>Updated links to security updates. This is an informational change only.</p>
Chromium: CVE-2025-1919 Out of bounds read in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1919
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:10
<p>Information published.</p>
Chromium: CVE-2025-1916 Use after free in Profiles
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1916
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:01
<p>Information published.</p>
Chromium: CVE-2025-1918 Out of bounds read in PDFium
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1918
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:07
<p>Information published.</p>
Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1917
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:04
<p>Information published.</p>
Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1921
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:13
<p>Information published.</p>
Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1915
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:58
<p>Information published.</p>
Chromium: CVE-2025-1923 Inappropriate Implementation in Permission Prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1923
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:20
<p>Information published.</p>
Chromium: CVE-2025-1922 Inappropriate Implementation in Selection
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1922
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:17
<p>Information published.</p>
Chromium: CVE-2025-1914 Out of bounds read in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.51</td>
<td>3/7//2025</td>
<td>134.0.6998.45</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1914
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-07T08:00:54
<p>Information published.</p>
Chromium: CVE-2025-2135 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.62</td>
<td>3/12//2025</td>
<td>134.0.6998.89</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-2135
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-12T15:32:38
<p>Information published.</p>
Chromium: CVE-2025-1920 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.62</td>
<td>3/12//2025</td>
<td>134.0.6998.89</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1920
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-12T15:32:34
<p>Information published.</p>
Microsoft Dataverse Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Dataverse
Microsoft
No
CVE-2025-29807
Deserialization of Untrusted Data
Improper Control of Generation of Code ('Code Injection')
12338
Remote Code Execution
12338
Critical
12338
Publicly Disclosed:No;Exploited:No
8.7
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
12338
<a href="https://nl.linkedin.com/in/erik-donker-50a887bb">Erik Donker</a> with Microsoft
1.0
2025-03-20T07:00:00
<p>Information published.</p>
Microsoft Partner Center Elevation of Privilege Vulnerability
<p>Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Partner Center
Microsoft
No
CVE-2025-29814
Improper Input Validation
12429
Elevation of Privilege
12429
Critical
12429
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.3
8.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C
12429
Anonymous
1.0
2025-03-20T07:00:00
<p>Information published.</p>
Chromium: CVE-2025-2476 Use after free in Lens
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.83</td>
<td>3/21/2025</td>
<td>134.0.6998.117/.118</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-2476
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-21T07:00:43
<p>Information published.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p>No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>129.0.2792.52</td>
<td>129.0.6668.58/.59</td>
<td>9/19/2024</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-29806
Access of Resource Using Incompatible Type ('Type Confusion')
11655
Remote Code Execution
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
129.0.2792.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a>
1.0
2025-03-21T07:00:00
<p>Information published.</p>
1.1
2025-04-02T07:00:00
<p>Updated CWE value. This is an informational change only.</p>
Azure Playwright Elevation of Privilege Vulnerability
<p>Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Playwright
Microsoft
No
CVE-2025-26683
Improper Authorization
12517
Elevation of Privilege
12517
Critical
12517
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12517
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>
1.0
2025-03-31T07:00:00
<p>Information published.</p>
Azure Health Bot Elevation of Privilege Vulnerability
<p>An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Health Bot
Microsoft
No
CVE-2025-21384
Protection Mechanism Failure
12401
Elevation of Privilege
12401
Critical
12401
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.3
7.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12401
Anonymous
1.0
2025-03-31T07:00:00
<p>Information published.</p>
MapUrlToZone Security Feature Bypass Vulnerability
<p>Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p>
<p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p>
<p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p>
Windows MapUrlToZone
Microsoft
Yes
CVE-2025-21247
Improper Resolution of Path Equivalence
12436
12437
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
12389
12390
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
12436
Security Feature Bypass
12437
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
12436
Important
12437
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12436
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12437
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11568
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11569
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11571
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11572
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11923
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11924
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11929
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11930
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11931
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12085
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12086
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12097
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12098
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12099
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12242
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12243
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12244
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12389
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
12390
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10729
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10735
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10852
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10853
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10816
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10855
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
9312
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10287
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
9318
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
9344
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10051
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10049
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10378
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10379
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10483
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
10543
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12436
12437
12389
12390
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12436
12437
12389
12390
5053598
5053598
https://support.microsoft.com/help/5053598
12436
12437
12389
12390
5053636
5052105
12436
12437
12389
12390
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12436
12437
12389
12390
5053636
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053593
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053593
9312
10287
10051
10049
10483
10543
Yes
IE Cumulative
1.000
https://support.microsoft.com/help/5053593
9312
10287
10051
10049
10483
10543
5053593
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
<a href="https://x.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
<a href="https://x.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability
<p>Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Successful exploitation of this vulnerability requires an administrator to install the bootstrapping agent on the target device where an attacker has planted specially crafted malicious files.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What are the fixed build numbers for the versions of Azure Site Recovery addressed in Update Rollup 76 for Azure Site Recovery?</strong></p>
<table>
<thead>
<tr>
<th>Component Name</th>
<th>Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>ASR V2A Agent (Classic VMware/Physical to Azure)</td>
<td>9.63.7233.1</td>
</tr>
<tr>
<td>ASR H2A Agent (Hyper-V or VMM to Azure)</td>
<td>5.1.8116.0</td>
</tr>
<tr>
<td>ASR Mars</td>
<td>2.0.9940.0</td>
</tr>
</tbody>
</table>
<p>**Are there any any prerequisites for installing the update?</p>
<p>To install Microsoft Azure Site Recovery Provider Update Rollup 76, you must have one of the following installed:</p>
<ul>
<li>Microsoft Azure Site Recovery Provider (version 5.23.x or a later version)</li>
<li>Microsoft Azure Recovery Services Agent (version 2.0.9263.0 or a later version)</li>
</ul>
Azure Agent Installer
Microsoft
Yes
CVE-2025-21199
Improper Privilege Management
12473
12511
Elevation of Privilege
12473
Elevation of Privilege
12511
Important
12473
Important
12511
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12473
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12511
Release Notes
https://support.microsoft.com/en-us/topic/update-rollup-76-for-azure-site-recovery-6ca6833a-5b0f-4bdf-9946-41cd0aa8d6e4
12473
Maybe
Security Update
9.30
https://support.microsoft.com/en-us/topic/update-rollup-76-for-azure-site-recovery-6ca6833a-5b0f-4bdf-9946-41cd0aa8d6e4
12473
Release Notes
Release Notes
https://support.microsoft.com/en-us/topic/update-rollup-76-for-azure-site-recovery-6ca6833a-5b0f-4bdf-9946-41cd0aa8d6e4
12511
Maybe
Security Update
2.0.9940.0
https://support.microsoft.com/en-us/topic/update-for-azure-backup-for-microsoft-azure-recovery-services-agent-706ac5f8-b61d-4e5f-abc1-91e15af784cf
12511
Release Notes
R4nger & Zhiniang Peng with HUST
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-04-25T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Windows Remote Desktop Services Remote Code Execution Vulnerability
<p>Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Remote Desktop Services
Microsoft
Yes
CVE-2025-24045
Sensitive Data Storage in Improperly Locked Memory
11571
11572
11923
11924
12437
12244
12436
10816
10855
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
12437
Critical
12244
Critical
12436
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12436
5053636
5052105
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12436
5053636
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10816
10855
5053594
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
ʌ!ɔ⊥ojv with Kunlun Lab
Ashana Sharan with Microsoft India
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Streaming Service
Microsoft
Yes
CVE-2025-24046
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Hyper-V Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain Kernel Memory Access.</p>
Role: Windows Hyper-V
Microsoft
Yes
CVE-2025-24048
Heap-based Buffer Overflow
Out-of-bounds Read
11569
11571
11572
11923
11924
11931
12085
12086
12097
12437
12242
12243
12244
12389
12390
12436
10853
10816
10855
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12085
Important
12086
Important
12097
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11931
12097
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10853
10816
10855
5053594
<a href="https://github.com/cbwang505">ChengBin Wang</a> with <a href="https://www.guolisec.com/">ZheJiang Guoli Security Technology</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Hyper-V Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain Kernel Memory Access.</p>
Role: Windows Hyper-V
Microsoft
Yes
CVE-2025-24050
Heap-based Buffer Overflow
Out-of-bounds Read
11569
11571
11572
11923
11924
11931
12085
12086
12097
12437
12242
12243
12244
12389
12390
12436
10853
10816
10855
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12085
Important
12086
Important
12097
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11931
12097
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10853
10816
10855
5053594
<a href="https://github.com/cbwang505">ChengBin Wang</a> with <a href="https://www.guolisec.com/">ZheJiang Guoli Security Technology</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-24051
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
NTLM Hash Disclosure Spoofing Vulnerability
<p>External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.</p>
Windows NTLM
Microsoft
Yes
CVE-2025-24054
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12085
Spoofing
12086
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10729
Spoofing
10735
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Rintaro Koike with NTT Security Holdings
<a href="https://x.com/0x6rss">0x6rss</a>
<a href="http://hyp3rlinx.altervista.org">hyp3rlinx</a>
<a href="https://twitter.com/j00sean">j00sean</a>
1.2
2025-04-25T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-03-18T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
Windows USB Video Class System Driver Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows USB Video Driver
Microsoft
Yes
CVE-2025-24055
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
4.3
3.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Adel from MSRC V&M
1.1
2025-03-30T07:00:00
<p>Fixed a typographical error. This is an information change only.</p>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Telephony Service Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Telephony Server
Microsoft
Yes
CVE-2025-24056
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2025-24059
Incorrect Conversion between Numeric Types
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Mark of the Web Security Feature Bypass Vulnerability
<p>Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<ul>
<li>In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.</li>
<li>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.</li>
<li>Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.</li>
</ul>
<p>In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p>
<p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could evade Mark of the Web (MOTW) defenses.</p>
Windows Mark of the Web (MOTW)
Microsoft
Yes
CVE-2025-24061
Protection Mechanism Failure
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
<a href="https://www.facebook.com/skorikjr">SkorikARI</a> with SkorikARI
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Domain Name Service Remote Code Execution Vulnerability
<p>Use after free in DNS Server allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In a network-based attack an attacker sending a dynamic DNS update message with perfect timing to a DNS server could potentially execute code remotely on the target server.</p>
Role: DNS Server
Microsoft
Yes
CVE-2025-24064
Use After Free
11571
11572
11923
11924
12437
12244
12436
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
12437
Critical
12244
Critical
12436
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12436
5053636
5052105
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12436
5053636
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Jay Ladhad with <a href="https://www.microsoft.com/">Microsoft</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel-Mode Drivers
Microsoft
Yes
CVE-2025-24066
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Streaming Service
Microsoft
Yes
CVE-2025-24067
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Windows File Explorer Spoofing Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user would need to be tricked into opening a folder that contains a specially crafted file.</p>
Windows File Explorer
Microsoft
Yes
CVE-2025-24071
Exposure of Sensitive Information to an Unauthorized Actor
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12085
Spoofing
12086
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10729
Spoofing
10735
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
<a href="https://www.facebook.com/skorikjr">SkorikARI</a> with SkorikARI
<a href="https://x9090.x.com/">Wayne Low of Synapxe</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-04-03T07:00:00
<p>Added an FAQ and updated the CVSS score. This is an informational change only.</p>
Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Local Security Authority Server (lsasrv)
Microsoft
Yes
CVE-2025-24072
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Florian Schweins
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-24075
Stack-based Buffer Overflow
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002690
https://www.microsoft.com/en-us/download/details.aspx?id=108026
5002679
10836
Maybe
Security Update
16.0.10416.20073
https://support.microsoft.com/help/5002690
10836
5002690
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.95.25030928
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002696
https://www.microsoft.com/en-us/download/details.aspx?id=108022
5002687
10739
10740
Maybe
Security Update
16.0.5491.1000
https://support.microsoft.com/help/5002696
10739
10740
5002696
Li Shuang and willJ with Vulnerability Research Institute
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
<p>Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Exploitation of the vulnerability requires an attack vector involving both attacker authentication (to modify the DLL) and user interaction (to initiate the Link-to-Phone feature installation and enable the 'Use as a connected camera' option).</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cross Device Service
Microsoft
Yes
CVE-2025-24076
Improper Access Control
12085
12086
12437
12242
12243
12244
12389
12390
12436
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12085
Important
12086
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
John Ostrowski with <a href="https://www.compass-security.com/en">Compass Security</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
<p>Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Windows Subsystem for Linux
Microsoft
Yes
CVE-2025-24084
Untrusted Pointer Dereference
11923
11924
12085
12086
12437
12242
12243
12244
12389
12390
12436
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Critical
11923
Critical
11924
Critical
12085
Critical
12086
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
Benoît Sevens and Vlad Stolyarov of Google Threat Analysis Group
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-03-13T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32 Kernel Subsystem
Microsoft
Yes
CVE-2025-24983
Use After Free
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Filip Jurčacko with <a href="https://www.eset.com/">ESET</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows NTFS Information Disclosure Vulnerability
<p>Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.</p>
<p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p>
<p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
Windows NTFS
Microsoft
Yes
CVE-2025-24984
Insertion of Sensitive Information into Log File
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11568
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11569
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11571
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11572
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11923
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11924
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11929
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11930
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11931
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12085
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12086
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12097
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12098
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12099
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12437
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12242
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12243
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12244
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12389
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12390
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12436
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10729
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10735
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10852
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10853
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10816
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10855
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10378
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10379
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10483
4.6
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows Fast FAT File System Driver Remote Code Execution Vulnerability
<p>Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p>
<p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p>
Windows Fast FAT Driver
Microsoft
Yes
CVE-2025-24985
Integer Overflow or Wraparound
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows NTFS Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p>
<p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p>
Windows NTFS
Microsoft
Yes
CVE-2025-24991
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11568
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11569
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11571
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11572
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11923
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11924
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11929
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11930
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11931
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12085
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12097
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12098
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12099
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12437
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12242
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12243
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12244
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12389
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12390
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12436
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10729
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10735
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10852
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10853
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10816
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10855
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9312
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10287
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9318
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9344
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10051
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10049
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10378
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10379
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10483
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows NTFS Information Disclosure Vulnerability
<p>Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p>
<p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p>
Windows NTFS
Microsoft
Yes
CVE-2025-24992
Buffer Over-read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
<a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Windows NTFS Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p>
<p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p>
Windows NTFS
Microsoft
Yes
CVE-2025-24993
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Anonymous
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
<p>Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Exploitation of the vulnerability requires an attack vector involving both attacker authentication (to modify the DLL) and user interaction (to initiate the Link-to-Phone feature installation and enable the 'Use as a connected camera' option).</p>
Windows Cross Device Service
Microsoft
Yes
CVE-2025-24994
Improper Access Control
12085
12086
12242
12243
12389
12390
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12389
Elevation of Privilege
12390
Important
12085
Important
12086
Important
12242
Important
12243
Important
12389
Important
12390
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12389
12390
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12389
12390
5053598
5053598
https://support.microsoft.com/help/5053598
12389
12390
5053636
5052105
12389
12390
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12389
12390
5053636
John Ostrowski with <a href="https://www.compass-security.com/en">Compass Security</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>The attacker would gain the rights of the user that is running the affected application.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by passing a specially crafted key-value argument to Azure CLI, injecting arbitrary Python code that modifies runtime behavior.</p>
Azure CLI
Microsoft
Yes
CVE-2025-24049
Improper Neutralization of Special Elements used in a Command ('Command Injection')
12103
Elevation of Privilege
12103
Important
12103
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12103
Release Notes
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
12103
Maybe
Security Update
2.69.0
https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli
12103
Release Notes
<a href="https://jackfromeast.github.io/">Zhengyu Liu</a> and <a href="https://www.linkedin.com/in/gavin-zhong/">Jiacheng(Gavin) Zhong</a> with <a href="https://isi.jhu.edu/">Johns Hopkins University</a>
<a href="https://jackfromeast.github.io/">Zhengyu Liu</a> with <a href="https://www.cs.jhu.edu/">Johns Hopkins University</a>
<a href="https://www.linkedin.com/in/gavin-zhong/">Jiacheng(Gavin) Zhong</a> with <a href="https://isi.jhu.edu/">Johns Hopkins University</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Azure Arc Installer Elevation of Privilege Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>How do I know if I'm affected by this vulnerability?</strong></p>
<p>Only machines onboarded via Group Policy that have the GPO applied to them are affected.</p>
<p>The GPO name is '[MSFT] Azure Arc Servers Onboarding' followed by a datetimestamp
e.g. '[MSFT] Azure Arc Servers Onboarding20250220113589'</p>
<p><strong>What steps are needed to protect from this vulnerability?</strong></p>
<ol>
<li>Unassign and delete the previous Group Policy Object from the Group Policy Management Console (GPMC).</li>
<li>Download the new scripts from the <strong>Fixed agent proxy parameter</strong> release in the Github repository <a href="https://github.com/Azure/ArcEnabledServersGroupPolicy/releases/tag/1.0.10">1.0.10</a>.</li>
<li>Run the DeployGPO script as before using the same parameters.</li>
<li>Assign the new Group Policy Object to your groups/domains/units.</li>
</ol>
<p>For further information, please go to the Arc blade of Azure Portal and follow the instructions for GPO onboarding.</p>
<p>Only machines onboarded via Group Policy that have the GPO applied to them are affected</p>
<p>The GPO name is '[MSFT] Azure Arc Servers Onboarding' followed by a datetimestamp
e.g. '[MSFT] Azure Arc Servers Onboarding20250220113589'</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations. They must accurately measure these timing variations to infer sensitive information or gain unauthorized access. This often involves sophisticated techniques to manipulate and observe the timing behavior of the target system.</p>
Azure Arc
Microsoft
Yes
CVE-2025-26627
Improper Neutralization of Special Elements used in a Command ('Command Injection')
12068
Elevation of Privilege
12068
Important
12068
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12068
What's new
https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes
12068
Maybe
Security Update
1.0.10
https://github.com/Azure/ArcEnabledServersGroupPolicy/releases/tag/1.0.10
12068
What's new
SP with <a href="https://consulting.withsecure.com/">WithSecure Consulting</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-26629
Use After Free
11762
11763
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.2
2025-05-13T07:00:00
<p>To comprehensively address CVE-2025-26629, Microsoft has released May 2025 security updates for all affected versions of Microsoft Office. Customers running any of these versions should ensure that they have the latest build installed. For more information and to verify the build version, see <a href="https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates">https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates</a>.</p>
Microsoft Access Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Access
Microsoft
Yes
CVE-2025-26630
Use After Free
11573
11574
11762
11763
11952
11953
12420
12421
10751
10752
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
10751
Remote Code Execution
10752
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10751
Important
10752
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10751
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10752
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002697
https://www.microsoft.com/en-us/download/details.aspx?id=108027
5002670
10751
10752
Maybe
Security Update
16.0.5491.1001
https://support.microsoft.com/kb/5002697
10751
10752
5002697
<a href="https://www.unpatched.ai">Unpatched.ai</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Visual Studio Code Elevation of Privilege Vulnerability
<p>Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious file and convince the user to open it.</p>
Visual Studio Code
Microsoft
Yes
CVE-2025-26631
Uncontrolled Search Path Element
11622
Elevation of Privilege
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/download
11622
Maybe
Security Update
1.98.0
https://code.visualstudio.com/updates/v1_98
11622
Release Notes
<a href="https://medium.com/@spoppi">Sandro Poppi</a>
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Management Console Security Feature Bypass Vulnerability
<p>Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability.</p>
<p>In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Microsoft Management Console
Microsoft
Yes
CVE-2025-26633
Improper Neutralization
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
Aliakbar Zahravi with Trend Micro
1.0
2025-03-11T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p>The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability has limited impacts to Confidentiality and Integrity and no impact on Availability. An attacker would need to combine this vulnerability with other vulnerabilities to perform an attack.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-26643
The UI Performs the Wrong Action
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
134.0.3124.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://linkedin.com/in/frozzipies">Farras Givari</a> with <a href="https://meta4sec.com/">Meta4sec</a>
Ahmed ElMasry
<a href="https://www.linkedin.com/in/afif-hidayatullah">Om Apip</a> with <a href="https://itsec.asia/">ITSEC Asia</a>
<a href="https://x.com/i_am_canalun">canalun</a>
1.0
2025-03-07T08:00:00
<p>Information published.</p>
Remote Desktop Client Remote Code Execution Vulnerability
<p>Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacker's server with the vulnerable Remote Desktop Client.</p>
Remote Desktop Client
Microsoft
Yes
CVE-2025-26645
Relative Path Traversal
Improper Access Control
12457
11568
11569
11571
11572
11849
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
12457
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11849
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
12457
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11849
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12457
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11849
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
Release Notes
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Maybe
Security Update
2.0.365.0
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Release Notes
5053596
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596
5052000
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7009
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
5053596
5053596
https://support.microsoft.com/help/5053596
11568
11569
11571
11572
Release Notes
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260170
11849
Maybe
Security Update
1.2.6017.0
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260170
11849
Release Notes
5053603
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603
5051979
11923
11924
Yes
Security Update
10.0.20348.3328
https://support.microsoft.com/help/5053603
11923
11924
5053603
5053638
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3270
https://support.microsoft.com/help/5053638
11923
11924
5053638
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
11929
11930
11931
Yes
Security Update
10.0.19044.5608
https://support.microsoft.com/help/5053606
11929
11930
11931
5053606
5053606
https://support.microsoft.com/help/5053606
11929
11930
11931
12097
12098
12099
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12085
12086
Yes
Security Update
10.0.22621.5039
https://support.microsoft.com/help/5053602
12085
12086
5053602
5053602
https://support.microsoft.com/help/5053602
12085
12086
12242
12243
5053606
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606
5051974
12097
12098
12099
Yes
Security Update
10.0.19045.5608
https://support.microsoft.com/help/5053606
12097
12098
12099
5053606
5053598
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598
5051987
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3476
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053598
5053598
https://support.microsoft.com/help/5053598
12437
12389
12390
12436
5053636
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3403
https://support.microsoft.com/help/5053636
12437
12389
12390
12436
5053636
5053602
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602
5051989
12242
12243
Yes
Security Update
10.0.22631.5039
https://support.microsoft.com/help/5053602
12242
12243
5053602
5053599
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599
5051980
12244
Yes
Security Update
10.0.25398.1486
https://support.microsoft.com/help/5053599
12244
5053599
5053599
https://support.microsoft.com/help/5053599
12244
5053618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618
5052040
10729
10735
Yes
Security Update
10.0.10240.20947
https://support.microsoft.com/help/5053618
10729
10735
5053618
5053594
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594
5052006
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7876
https://support.microsoft.com/help/5053594
10852
10853
10816
10855
5053594
5053888
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888
5052038
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23168
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053888
5053888
https://support.microsoft.com/help/5053888
9312
10287
9318
9344
5053995
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23168
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053995
5053995
https://support.microsoft.com/help/5053995
9312
10287
9318
9344
5053620
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620
5052016
10051
10049
Yes
Monthly Rollup
6.1.7601.27618
https://support.microsoft.com/help/5053620
10051
10049
5053620
5053627
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627
10051
10049
Yes
Security Only
6.1.7601.27618
https://support.microsoft.com/help/5053627
10051
10049
5053627
5053886
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886
5052020
10378
10379
Yes
Monthly Rollup
6.2.9200.25368
https://support.microsoft.com/help/5053886
10378
10379
5053886
5053887
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887
5052042
10483
10543
Yes
Monthly Rollup
6.3.9600.22470
https://support.microsoft.com/help/5053887
10483
10543
5053887
1.0
2025-03-11T07:00:00
<p>Information published.</p>
1.1
2025-03-23T07:00:00
<p>Updated links to security updates. This is an informational change only.</p>
Chromium: CVE-2025-2137 Out of bounds read in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.62</td>
<td>3/12//2025</td>
<td>134.0.6998.89</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-2137
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-12T15:32:42
<p>Information published.</p>
Chromium: CVE-2025-2136 Use after free in Inspector
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.62</td>
<td>3/12//2025</td>
<td>134.0.6998.89</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-2136
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-12T15:32:40
<p>Information published.</p>
Chromium: CVE-2025-24201 Out of bounds write in GPU on Mac
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p>Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.62</td>
<td>3/12//2025</td>
<td>134.0.6998.89</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-24201
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.62
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-12T07:00:00
<p>Information published.</p>
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
<p>Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.</p>
<p>Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.</p>
<p>Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.</p>
<p><strong>Why are we publishing this Kubernetes CVE in the Security Update Guide?</strong></p>
<p>We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster.</p>
<p><strong>How do I know if I am affected by these vulnerabilities?</strong></p>
<p>If you are running your own <strong>Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions</strong> (v1.11.5 and v1.12.1).</p>
<p><strong>If you are using the</strong> <a href="http://learn.microsoft.com/en-us/azure/aks/app-routing">Managed NGINX ingress with the application routing add-on</a> on AKS, the patches are being rolled out to all regions and should be completed in a few days. No customer action is required.</p>
<p>The status of the AKS deployment can be monitored here: <a href="https://releases.aks.azure.com/">AKS Release Status</a>.</p>
<p><strong>Where can I find more information about these vulnerabilities?</strong></p>
<table>
<thead>
<tr>
<th>CVE ID</th>
<th>Link to Github Issue</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098">CVE-2025-1098</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131008">Github 131008</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974">CVE-2025-1974</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131009">Github 131009</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097">CVE-2025-1097</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131007">Github 131007</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514">CVE-2025-24514</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131006">Github 131006</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513">CVE-2025-24513</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131005">Github 131005</a></td>
</tr>
</tbody>
</table>
Microsoft Azure Kubernetes Service
Kubernetes
Yes
CVE-2025-1097
11870
11870
11870
1.0
2025-03-24T07:00:00
<p>Information published.</p>
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
<p>Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.</p>
<p>Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.</p>
<p>Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.</p>
<p><strong>Why are we publishing this Kubernetes CVE in the Security Update Guide?</strong></p>
<p>We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster.</p>
<p><strong>How do I know if I am affected by these vulnerabilities?</strong></p>
<p>If you are running your own <strong>Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions</strong> (v1.11.5 and v1.12.1).</p>
<p><strong>If you are using the</strong> <a href="http://learn.microsoft.com/en-us/azure/aks/app-routing">Managed NGINX ingress with the application routing add-on</a> on AKS, the patches are being rolled out to all regions and should be completed in a few days. No customer action is required.</p>
<p>The status of the AKS deployment can be monitored here: <a href="https://releases.aks.azure.com/">AKS Release Status</a>.</p>
<p><strong>Where can I find more information about these vulnerabilities?</strong></p>
<table>
<thead>
<tr>
<th>CVE ID</th>
<th>Link to Github Issue</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098">CVE-2025-1098</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131008">Github 131008</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974">CVE-2025-1974</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131009">Github 131009</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097">CVE-2025-1097</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131007">Github 131007</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514">CVE-2025-24514</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131006">Github 131006</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513">CVE-2025-24513</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131005">Github 131005</a></td>
</tr>
</tbody>
</table>
Microsoft Azure Kubernetes Service
Kubernetes
Yes
CVE-2025-1098
11870
11870
11870
1.0
2025-03-24T07:00:00
<p>Information published.</p>
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
<p>Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.</p>
<p>Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.</p>
<p>Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.</p>
<p><strong>Why are we publishing this Kubernetes CVE in the Security Update Guide?</strong></p>
<p>We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster.</p>
<p><strong>How do I know if I am affected by these vulnerabilities?</strong></p>
<p>If you are running your own <strong>Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions</strong> (v1.11.5 and v1.12.1).</p>
<p><strong>If you are using the</strong> <a href="http://learn.microsoft.com/en-us/azure/aks/app-routing">Managed NGINX ingress with the application routing add-on</a> on AKS, the patches are being rolled out to all regions and should be completed in a few days. No customer action is required.</p>
<p>The status of the AKS deployment can be monitored here: <a href="https://releases.aks.azure.com/">AKS Release Status</a>.</p>
<p><strong>Where can I find more information about these vulnerabilities?</strong></p>
<table>
<thead>
<tr>
<th>CVE ID</th>
<th>Link to Github Issue</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098">CVE-2025-1098</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131008">Github 131008</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974">CVE-2025-1974</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131009">Github 131009</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097">CVE-2025-1097</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131007">Github 131007</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514">CVE-2025-24514</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131006">Github 131006</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513">CVE-2025-24513</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131005">Github 131005</a></td>
</tr>
</tbody>
</table>
Microsoft Azure Kubernetes Service
Kubernetes
Yes
CVE-2025-1974
11870
11870
11870
1.0
2025-03-24T07:00:00
<p>Information published.</p>
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
<p>Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.</p>
<p>Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.</p>
<p>Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.</p>
<p><strong>Why are we publishing this Kubernetes CVE in the Security Update Guide?</strong></p>
<p>We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster.</p>
<p><strong>How do I know if I am affected by these vulnerabilities?</strong></p>
<p>If you are running your own <strong>Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions</strong> (v1.11.5 and v1.12.1).</p>
<p><strong>If you are using the</strong> <a href="http://learn.microsoft.com/en-us/azure/aks/app-routing">Managed NGINX ingress with the application routing add-on</a> on AKS, the patches are being rolled out to all regions and should be completed in a few days. No customer action is required.</p>
<p>The status of the AKS deployment can be monitored here: <a href="https://releases.aks.azure.com/">AKS Release Status</a>.</p>
<p><strong>Where can I find more information about these vulnerabilities?</strong></p>
<table>
<thead>
<tr>
<th>CVE ID</th>
<th>Link to Github Issue</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098">CVE-2025-1098</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131008">Github 131008</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974">CVE-2025-1974</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131009">Github 131009</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097">CVE-2025-1097</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131007">Github 131007</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514">CVE-2025-24514</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131006">Github 131006</a></td>
</tr>
<tr>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513">CVE-2025-24513</a></td>
<td><a href="https://github.com/kubernetes/kubernetes/issues/131005">Github 131005</a></td>
</tr>
</tbody>
</table>
Microsoft Azure Kubernetes Service
Kubernetes
Yes
CVE-2025-24514
11870
11870
11870
1.0
2025-03-24T07:00:00
<p>Information published.</p>
Windows Core Messaging Elevation of Privileges Vulnerability
<p>Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Core Messaging
Microsoft
Yes
CVE-2025-26634
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
YanZiShuang@BigCJTeam of cyberkl
1.0
2025-03-11T07:00:00
<p>Information published. This CVE was addressed by updates that were released in February 2025, but the CVE was inadvertently omitted from the February 2025 Security Updates. This is an informational change only. Customers who have already installed the February 2025 updates do not need to take any further action.</p>
Microsoft Dataverse Elevation of Privilege Vulnerability
<p>Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Dataverse
Microsoft
No
CVE-2025-24053
Improper Authorization
12338
Elevation of Privilege
12338
Critical
12338
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.2
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12338
<a href="https://nl.linkedin.com/in/erik-donker-50a887bb">Erik Donker</a> with Microsoft
1.0
2025-03-13T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>The attacker would gain the rights of the user that is running the affected application.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-29795
Improper Link Resolution Before File Access ('Link Following')
12470
Elevation of Privilege
12470
Important
12470
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12470
Release Notes
12470
Security Update
1.3.195.45
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12470
Release Notes
<a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a>
1.0
2025-03-21T07:00:00
<p>Information published.</p>
Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>134.0.3124.93</td>
<td>3/26/2025</td>
<td>134.0.6998.177/.178</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-2783
11655
11655
11655
Release Notes
11655
No
Security Update
134.0.3124.93
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-03-26T21:55:19
<p>Information published.</p>