May 2025 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2025-May
2025-May
Final
1.0
555
2026-05-17T14:48:41
May 2025 Security Updates
2025-05-13T07:00:00
2026-05-17T14:48:41
<h2 id="this-release-consists-of-the-following-80-microsoft-cves">This release consists of the following 80 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21264">CVE-2025-21264</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24063">CVE-2025-24063</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>.NET, Visual Studio, and Build Tools for Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26646">CVE-2025-26646</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Gateway Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26677">CVE-2025-26677</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Defender for Endpoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26684">CVE-2025-26684</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Defender for Identity</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26685">CVE-2025-26685</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Secure Kernel Mode</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27468">CVE-2025-27468</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Hardware Lab Kit</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27488">CVE-2025-27488</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure DevOps</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29813">CVE-2025-29813</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29825">CVE-2025-29825</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dataverse</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29826">CVE-2025-29826</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Automation</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29827">CVE-2025-29827</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Trusted Runtime Interface Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29829">CVE-2025-29829</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29830">CVE-2025-29830</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Gateway Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29831">CVE-2025-29831</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29832">CVE-2025-29832</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Virtual Machine Bus</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29833">CVE-2025-29833</a></td>
<td>7.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29835">CVE-2025-29835</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29836">CVE-2025-29836</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Installer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29837">CVE-2025-29837</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Drivers</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29838">CVE-2025-29838</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows File Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29839">CVE-2025-29839</a></td>
<td>4.0</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Media</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29840">CVE-2025-29840</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Universal Print Management Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29841">CVE-2025-29841</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>UrlMon</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29842">CVE-2025-29842</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows LDAP - Lightweight Directory Access Protocol</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29954">CVE-2025-29954</a></td>
<td>5.9</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Role: Windows Hyper-V</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29955">CVE-2025-29955</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29956">CVE-2025-29956</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Deployment Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29957">CVE-2025-29957</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29958">CVE-2025-29958</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29959">CVE-2025-29959</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29960">CVE-2025-29960</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29961">CVE-2025-29961</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Media</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29962">CVE-2025-29962</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Media</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29963">CVE-2025-29963</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Media</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29964">CVE-2025-29964</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29966">CVE-2025-29966</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Gateway Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29967">CVE-2025-29967</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Active Directory Certificate Services (AD CS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29968">CVE-2025-29968</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Fundamentals</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29969">CVE-2025-29969</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Brokering File System</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29970">CVE-2025-29970</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Web Threat Defense (WTD.sys)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29971">CVE-2025-29971</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Storage Resource Provider</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29972">CVE-2025-29972</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure File Sync</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29973">CVE-2025-29973</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29974">CVE-2025-29974</a></td>
<td>5.7</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft PC Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29975">CVE-2025-29975</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29976">CVE-2025-29976</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29977">CVE-2025-29977</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office PowerPoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29978">CVE-2025-29978</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29979">CVE-2025-29979</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30375">CVE-2025-30375</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30376">CVE-2025-30376</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30377">CVE-2025-30377</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30378">CVE-2025-30378</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30379">CVE-2025-30379</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30381">CVE-2025-30381</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30382">CVE-2025-30382</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30383">CVE-2025-30383</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30384">CVE-2025-30384</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30385">CVE-2025-30385</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30386">CVE-2025-30386</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30387">CVE-2025-30387</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30388">CVE-2025-30388</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30393">CVE-2025-30393</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Gateway Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30394">CVE-2025-30394</a></td>
<td>5.9</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Scripting Engine</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397">CVE-2025-30397</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30400">CVE-2025-30400</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701">CVE-2025-32701</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32702">CVE-2025-32702</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32703">CVE-2025-32703</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32704">CVE-2025-32704</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Outlook</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32705">CVE-2025-32705</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706">CVE-2025-32706</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTFS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32707">CVE-2025-32707</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709">CVE-2025-32709</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33072">CVE-2025-33072</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td></td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47161">CVE-2025-47161</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47181">CVE-2025-47181</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dataverse</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47732">CVE-2025-47732</a></td>
<td>8.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Power Apps</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47733">CVE-2025-47733</a></td>
<td>9.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-15-non-microsoft-cves">We are republishing 15 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4050">CVE-2025-4050</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4051">CVE-2025-4051</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4052">CVE-2025-4052</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4096">CVE-2025-4096</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4372">CVE-2025-4372</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4609">CVE-2025-4609</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-4664">CVE-2025-4664</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5063">CVE-2025-5063</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5064">CVE-2025-5064</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5065">CVE-2025-5065</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5066">CVE-2025-5066</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5067">CVE-2025-5067</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5280">CVE-2025-5280</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5281">CVE-2025-5281</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-5283">CVE-2025-5283</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5058379">5058379</a></td>
<td>Windows 10, version 21H2, Windows 10, version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5058392">5058392</a></td>
<td>Windows 10, version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5058429">5058429</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5058449">5058449</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Updater
.NET 8.0 installed on Windows
.NET 8.0 installed on Linux
.NET 8.0 installed on Mac OS
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Microsoft Visual Studio 2022 version 17.12
Microsoft Visual Studio 2022 version 17.13
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Build Tools for Visual Studio 2022
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Visual Studio Code
Microsoft Visual Studio Code CoPilot Chat Extension
Azure DevOps
Microsoft Defender for Endpoint for Linux
Microsoft Defender for Identity
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows App Client for Windows Desktop
Remote Desktop client for Windows Desktop
Windows HLK for Windows Server 2025
Windows 11 HLK 24H2
Windows HLK, version 1809
Windows 10 HLK version 21H1
Windows 11 HLK 22H2
Windows 10 HLK version 20H2
Windows 10 HLK Version 22H2
Windows 10 HLK version 21H2
Windows HLK for Windows 10 version 2004
Windows HLK for Windows Server 2019
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Azure File Sync v19
Azure File Sync v20
Azure AI Document Intelligence Studio
Microsoft msagsfeedback.azurewebsites.net
Windows HLK for Windows Server 2022
Azure Storage Resource Provider (SRP)
Azure Automation
Microsoft PC Manager
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Office Online Server
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2024
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office for Android
Microsoft Office for Universal
Microsoft Dataverse
Microsoft Power Pages
azl3 syslog-ng 4.3.1-3 on Azure Linux 3.0
cbl2 syslog-ng 3.33.2-8 on CBL Mariner 2.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Server 2019
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code
Microsoft Edge (Chromium-based)
Azure Automation
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Remote Desktop client for Windows Desktop
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Azure DevOps
Microsoft Defender for Endpoint for Linux
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Microsoft Edge (Chromium-based) Updater
Microsoft Office for Android
Microsoft Office for Universal
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Microsoft Dataverse
Azure Linux 3.0 x64
Azure Linux 3.0 ARM
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
.NET 8.0 installed on Windows
.NET 8.0 installed on Linux
.NET 8.0 installed on Mac OS
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Microsoft PC Manager
Windows App Client for Windows Desktop
Microsoft Visual Studio 2022 version 17.12
Microsoft Power Pages
Microsoft Visual Studio 2022 version 17.13
Microsoft Defender for Identity
Azure AI Document Intelligence Studio
Microsoft msagsfeedback.azurewebsites.net
Azure File Sync v19
Azure File Sync v20
Azure Storage Resource Provider (SRP)
Windows 11 HLK 22H2
Windows HLK for Windows Server 2025
Windows 11 HLK 24H2
Windows HLK for Windows Server 2022
Windows HLK for Windows Server 2019
Windows HLK, version 1809
Windows 10 HLK Version 22H2
Windows 10 HLK version 21H2
Windows 10 HLK version 21H1
Windows 10 HLK version 20H2
Windows HLK for Windows 10 version 2004
Build Tools for Visual Studio 2022
Microsoft Visual Studio Code CoPilot Chat Extension
azl3 libglvnd 1.7.0-2 on Azure Linux 3.0
azl3 kernel 6.6.96.1-1 on Azure Linux 3.0
cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0
cbl2 mysql 8.0.41-1 on CBL Mariner 2.0
cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0
cbl2 rust 1.72.0-10 on CBL Mariner 2.0
cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0
cbl2 glibc 2.35-7 on CBL Mariner 2.0
azl3 syslog-ng 4.3.1-3 on Azure Linux 3.0
azl3 cmake 3.30.3-6 on Azure Linux 3.0
azl3 mysql 8.0.41-1 on Azure Linux 3.0
azl3 python3 3.12.9-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 hdf5 1.14.4.3-1 on Azure Linux 3.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
azl3 curl 8.11.1-3 on Azure Linux 3.0
cbl2 postgresql 14.16-1 on CBL Mariner 2.0
azl3 postgresql 16.7-1 on Azure Linux 3.0
azl3 pytorch 2.2.2-7 on Azure Linux 3.0
azl3 fluent-bit 3.1.9-4 on Azure Linux 3.0
azl3 erlang 26.2.5.11-1 on Azure Linux 3.0
azl3 python-setuptools 69.0.3-5 on Azure Linux 3.0
azl3 yasm 1.3.0-17 on Azure Linux 3.0
azl3 jq 1.7.1-3 on Azure Linux 3.0
azl3 kernel 6.6.92.2-1 on Azure Linux 3.0
cbl2 python3 3.9.19-14 on CBL Mariner 2.0
cm2 jq 1.6-3 on CBL Mariner 2.0
cm2 libsoup 3.0.4-7 on CBL Mariner 2.0
cm2 perl 5.34.1-491 on CBL Mariner 2.0
cm2 postgresql 14.18-1 on CBL Mariner 2.0
cm2 erlang 25.3.2.21-1 on CBL Mariner 2.0
cm2 net-tools 2.10-4 on CBL Mariner 2.0
cm2 jq 1.6-4 on CBL Mariner 2.0
cbl2 libsoup 3.0.4-8 on CBL Mariner 2.0
cbl2 icu 68.2.0.9-2 on CBL Mariner 2.0
azl3 glibc 2.38-11 on Azure Linux 3.0
azl3 valkey 8.0.3-3 on Azure Linux 3.0
azl3 libsoup 3.4.4-7 on Azure Linux 3.0
azl3 bind 9.20.9-1 on Azure Linux 3.0
azl3 postgresql 16.9-1 on Azure Linux 3.0
azl3 python3 3.12.9-2 on Azure Linux 3.0
azl3 rust 1.75.0-16 on Azure Linux 3.0
azl3 opa 0.63.0-2 on Azure Linux 3.0
azl3 erlang 26.2.5.12-1 on Azure Linux 3.0
azl3 net-tools 2.10-4 on Azure Linux 3.0
azl3 nodejs 20.14.0-8 on Azure Linux 3.0
azl3 containerd2 2.0.0-12 on Azure Linux 3.0
azl3 jq 1.7.1-4 on Azure Linux 3.0
azl3 gh 2.62.0-9 on Azure Linux 3.0
azl3 cmake 3.30.3-7 on Azure Linux 3.0
azl3 libsoup 3.4.4-8 on Azure Linux 3.0
azl3 binutils 2.41-6 on Azure Linux 3.0
cbl2 systemd 250.3-22 on CBL Mariner 2.0
azl3 ceph 18.2.2-8 on Azure Linux 3.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 rust 1.75.0-14 on Azure Linux 3.0
cbl2 python3 3.9.19-13 on CBL Mariner 2.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
azl3 rust 1.86.0-1 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 kata-containers 3.15.0.aks0-1 on Azure Linux 3.0
cbl2 rust 1.72.0-10 on CBL Mariner 2.0
azl3 kata-containers-cc 3.15.0.aks0-1 on Azure Linux 3.0
azl3 kernel 6.6.85.1-4 on Azure Linux 3.0
cbl2 nghttp2 1.57.0-2 on CBL Mariner 2.0
cbl2 fluent-bit 3.0.6-2 on CBL Mariner 2.0
cbl2 curl 8.8.0-6 on CBL Mariner 2.0
cbl2 postgresql 14.16-1 on CBL Mariner 2.0
cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0
cbl2 mysql 8.0.41-1 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-6 on CBL Mariner 2.0
cbl2 glibc 2.35-7 on CBL Mariner 2.0
azl3 kernel 6.6.92.2-2 on Azure Linux 3.0
cbl2 glib 2.71.0-5 on CBL Mariner 2.0
azl3 nodejs 20.14.0-9 on Azure Linux 3.0
cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0
cbl2 hdf5 1.14.4-1 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-8 on CBL Mariner 2.0
cbl2 libglvnd 1.3.2-5 on CBL Mariner 2.0
cbl2 apparmor 3.0.4-4 on CBL Mariner 2.0
azl3 systemd 255-22 on Azure Linux 3.0
cbl2 icu 68.2.0.9-1 on CBL Mariner 2.0
azl3 icu 72.1.0.3-2 on Azure Linux 3.0
cbl2 libsoup 3.0.4-7 on CBL Mariner 2.0
azl3 libsoup 3.4.4-9 on Azure Linux 3.0
cbl2 yasm 1.3.0-17 on CBL Mariner 2.0
cbl2 gdb 11.2-6 on CBL Mariner 2.0
cbl2 binutils 2.37-15 on CBL Mariner 2.0
cbl2 syslog-ng 3.33.2-8 on CBL Mariner 2.0
cbl2 erlang 25.3.2.20-1 on CBL Mariner 2.0
cbl2 jq 1.6-4 on CBL Mariner 2.0
azl3 kata-containers-cc 3.15.0.aks0-4 on Azure Linux 3.0
azl3 rust 1.86.0-3 on Azure Linux 3.0
cbl2 azl-compliance 1.0.2-2 on CBL Mariner 2.0
azl3 kata-containers 3.15.0.aks0-2 on Azure Linux 3.0
azl3 bind 9.20.5-4 on Azure Linux 3.0
cbl2 net-tools 2.10-4 on CBL Mariner 2.0
azl3 glib 2.78.6-3 on Azure Linux 3.0
cbl2 iputils 20211215-3 on CBL Mariner 2.0
azl3 iputils 20240117-2 on Azure Linux 3.0
cbl2 jq 1.6-3 on CBL Mariner 2.0
cbl2 perl 5.34.1-491 on CBL Mariner 2.0
azl3 perl 5.38.2-509 on Azure Linux 3.0
cbl2 glib 2.71.0-7 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-9 on CBL Mariner 2.0
cbl2 libsoup 3.0.4-9 on CBL Mariner 2.0
cbl2 apparmor 3.0.4-5 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-2 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0
azl3 glibc 2.38-12 on Azure Linux 3.0
azl3 systemd 255-23 on Azure Linux 3.0
azl3 apparmor 3.1.7-1 on Azure Linux 3.0
cbl2 open-vm-tools 11.3.0-4 on CBL Mariner 2.0
azl3 open-vm-tools 12.3.5-2 on Azure Linux 3.0
cbl2 glib 2.71.0-6 on CBL Mariner 2.0
cbl2 gdb 11.2-7 on CBL Mariner 2.0
cbl2 systemd 250.3-23 on CBL Mariner 2.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 systemd 255-24 on Azure Linux 3.0
cbl2 gdb 11.2-10 on CBL Mariner 2.0
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
azl3 kernel 6.6.116.1-1 on Azure Linux 3.0
cbl2 nodejs18 18.20.3-10 on CBL Mariner 2.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 nodejs 20.14.0-10 on Azure Linux 3.0
azl3 rust 1.75.0-22 on Azure Linux 3.0
azl3 hdf5 1.14.6-1 on Azure Linux 3.0
cbl2 hdf5 1.14.6-1 on CBL Mariner 2.0
azl3 rust 1.86.0-10 on Azure Linux 3.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 rust 1.90.0-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
azl3 rust 1.75.0-24 on Azure Linux 3.0
azl3 rust 1.90.0-3 on Azure Linux 3.0
azl3 nodejs 20.14.0-13 on Azure Linux 3.0
cbl2 glibc 2.35-9 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-11 on CBL Mariner 2.0
azl3 python-virtualenv 20.36.1-1 on Azure Linux 3.0
cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0
cbl2 glibc 2.35-10 on CBL Mariner 2.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 rust 1.90.0-4 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-7 on Azure Linux 3.0
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 nodejs 20.14.0-14 on Azure Linux 3.0
azl3 hdf5 1.14.6-2 on Azure Linux 3.0
cbl2 hdf5 1.14.6-2 on CBL Mariner 2.0
azl3 kata-containers-cc 3.15.0.aks0-8 on Azure Linux 3.0
cbl2 nodejs18 18.20.3-12 on CBL Mariner 2.0
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 nodejs 20.14.0-15 on Azure Linux 3.0
azl3 kata-containers-cc 3.15.0.aks0-9 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-47273
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19849-17086
17604-17084
17171-17086
19458-17084
17667-17084
20918-17084
19849-17086
17604-17084
17171-17086
19458-17084
17667-17084
20918-17084
19849-17086
Important
17604-17084
Important
17171-17086
Important
19458-17084
Important
17667-17084
Important
20918-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19849-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17604-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17171-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19458-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17667-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20918-17084
CBL-Mariner Releases
19458-17084
No
Security Update
69.0.3-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19458-17084
CBL-Mariner Releases
1.1
2025-06-13T00:00:00
<p>Added python-setuptools to Azure Linux 3.0</p>
2.0
2026-02-21T03:02:49
<p>Information published.</p>
1.0
2025-05-30T00:00:00
<p>Information published.</p>
tranport: TLS host name wildcard matching too lax
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2024-47619
Improper Certificate Validation
17458-17084
20245-17086
17458-17084
20245-17086
Important
17458-17084
Important
20245-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
17458-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
20245-17086
CBL-Mariner Releases
17458-17084
No
Security Update
4.3.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17458-17084
CBL-Mariner Releases
CBL-Mariner Releases
20245-17086
No
Security Update
3.33.2-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20245-17086
CBL-Mariner Releases
1.0
2025-05-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T02:43:29
<p>Information published.</p>
2.0
2025-05-15T00:00:00
<p>Information published.</p>
jq has signed integer overflow in jv.c:jvp_array_write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2024-23337
Integer Overflow or Wraparound
19526-17084
19535-16823
20292-17086
19526-17084
19535-16823
20292-17086
Moderate
19526-17084
Moderate
19535-16823
Moderate
20292-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
19526-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
19535-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
20292-17086
CBL-Mariner Releases
19526-17084
No
Security Update
1.7.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19526-17084
CBL-Mariner Releases
CBL-Mariner Releases
19535-16823
20292-17086
No
Security Update
1.6-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19535-16823
20292-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:05:37
<p>Information published.</p>
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23144
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T03:01:25
<p>Information published.</p>
mptcp: fix NULL pointer in can_accept_new_subflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23145
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:57:06
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ext4: fix off-by-one error in do_split
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23150
Off-by-one Error
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:19:06
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
media: venus: hfi_parser: refactor hfi packet parsing logic
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23156
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:56:19
<p>Information published.</p>
PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23161
19529-17084
19734-17084
19529-17084
19734-17084
Low
19529-17084
Low
19734-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:23:27
<p>Information published.</p>
net: vlan: don't propagate flags on open
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23163
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:45:28
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
jfs: add sanity check for agwidth in dbMount
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37740
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:26:51
<p>Information published.</p>
jfs: Prevent copying of nlink with value 0 from disk inode
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37741
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:20:03
<p>Information published.</p>
net: libwx: handle page_pool_dev_alloc_pages error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37755
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:29:56
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: tls: explicitly disallow disconnect
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37756
19529-17084
19734-17084
19529-17084
19734-17084
Low
19529-17084
Low
19734-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:24:26
<p>Information published.</p>
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37765
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:33:26
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amd/pm: Prevent division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37767
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:10:36
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37772
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:20:52
<p>Information published.</p>
virtiofs: add filesystem context source name check
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37773
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:52:34
<p>Information published.</p>
ksmbd: Fix dangling pointer in krb_authenticate
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37778
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:14:59
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
i2c: cros-ec-tunnel: defer probe if parent EC is not present
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37781
NULL Pointer Dereference
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:19:07
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37787
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:42:01
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: openvswitch: fix nested key length validation in the set() action
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37789
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:13:28
<p>Information published.</p>
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37794
NULL Pointer Dereference
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:22:59
<p>Information published.</p>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
https://nvd.nist.gov/vuln/detail/CVE-2025-37795
https://nvd.nist.gov/vuln/detail/CVE-2025-37795
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37795
12357
12356
12357
12356
12357
12356
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37795
12357
kernel
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37795
12356
kernel
1.0
2025-07-11T00:00:00
<p>Information published.</p>
spi: spi-imx: Add check for spi_imx_setupxfer()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37801
19529-17084
19734-17084
20925-17086
21093-17086
17087-17086
19529-17084
19734-17084
20925-17086
21093-17086
17087-17086
Moderate
19529-17084
Moderate
19734-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:32:13
<p>Information published.</p>
2.0
2026-03-03T14:37:58
<p>Information published.</p>
3.0
2026-03-31T15:19:02
<p>Information published.</p>
crypto: null - Use spin lock instead of mutex
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37808
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:09:43
<p>Information published.</p>
usb: dwc3: gadget: check that event count does not exceed event buffer length
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37810
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:56:12
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37819
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:17:24
<p>Information published.</p>
net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37823
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:33:49
<p>Information published.</p>
cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37830
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:21:36
<p>Information published.</p>
cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37831
NULL Pointer Dereference
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:21:37
<p>Information published.</p>
jbd2: remove wrong sb->s_sequence check
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37839
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:21:08
<p>Information published.</p>
pm: cpupower: bench: Prevent NULL dereference on malloc failure
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37841
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:39:29
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
fbdev: omapfb: Add 'plane' value check
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37851
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:42:37
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amdkfd: debugfs hang_hws skip GPU with MES
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37853
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
Moderate
19529-17084
Moderate
19734-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-19T01:01:57
<p>Information published.</p>
2.1
2026-02-18T14:07:02
<p>Information published.</p>
4.0
2026-03-31T14:49:18
<p>Information published.</p>
3.0
2026-03-03T14:39:20
<p>Information published.</p>
net: dsa: clean up FDB, MDB, VLAN entries on unbind
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37864
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:13:00
<p>Information published.</p>
HID: pidff: Fix null pointer dereference in pidff_find_fields
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37862
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:48:29
<p>Information published.</p>
igc: fix PTM cycle trigger logic
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37875
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:51:38
<p>Information published.</p>
bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37884
Improper Locking
19529-17084
17087-17086
21093-17086
19734-17084
20925-17086
19529-17084
17087-17086
21093-17086
19734-17084
20925-17086
Moderate
19529-17084
Moderate
17087-17086
Moderate
21093-17086
Moderate
19734-17084
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:12:22
<p>Information published.</p>
2.0
2026-03-03T15:01:52
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
3.0
2026-03-31T14:41:29
<p>Information published.</p>
KVM: x86: Reset IRTE to host control if *new* route isn't postable
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37885
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:59:58
<p>Information published.</p>
mtd: inftlcore: Add error check for inftl_read_oob()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37892
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:30:02
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: lan743x: Fix memleak issue when GSO enabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37909
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:30:45
<p>Information published.</p>
firmware: arm_scmi: Balance device refcount when destroying devices
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37905
19529-17084
19734-17084
19529-17084
19734-17084
Low
19529-17084
Low
19734-17084
2.3
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:07:40
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net_sched: drr: Fix double list add in class with netem as child qdisc
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37915
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:58:40
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
tracing: Fix oob write in trace_seq_to_buffer()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37923
Out-of-bounds Write
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:31:40
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ksmbd: fix use-after-free in kerberos authentication
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37924
19529-17084
19734-17084
17087-17086
19529-17084
19734-17084
17087-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:20:40
<p>Information published.</p>
perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37936
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T03:01:51
<p>Information published.</p>
wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
https://nvd.nist.gov/vuln/detail/CVE-2025-37943
https://nvd.nist.gov/vuln/detail/CVE-2025-37943
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37943
12357
12356
19734-17084
12357
12356
19734-17084
12357
12356
Important
19734-17084
8.0
8.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37943
12357
kernel
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37943
12356
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T03:03:42
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ksmbd: prevent out-of-bounds stream writes by validating *pos
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37947
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:19:33
<p>Information published.</p>
smb: client: Avoid race in open_cached_dir with lease breaks
https://nvd.nist.gov/vuln/detail/CVE-2025-37954
https://nvd.nist.gov/vuln/detail/CVE-2025-37954
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37954
12356
12357
19734-17084
17087-17086
12356
12357
19734-17084
17087-17086
12356
12357
Moderate
19734-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12356
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12357
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37954
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37954
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-18T01:37:57
<p>Information published.</p>
3.1
2026-02-18T14:05:04
<p>Information published.</p>
3.0
2025-11-25T01:36:41
<p>Information published.</p>
ksmbd: prevent rename with empty string
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37956
19529-17084
17087-17086
19734-17084
19529-17084
17087-17086
19734-17084
Moderate
19529-17084
Moderate
17087-17086
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
3.0
2025-11-25T01:36:47
<p>Information published.</p>
3.1
2026-02-18T02:53:39
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-18T01:38:02
<p>Information published.</p>
memblock: Accept allocated memory before use in memblock_double_array()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37960
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:47:33
<p>Information published.</p>
arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
https://nvd.nist.gov/vuln/detail/CVE-2025-37963
https://nvd.nist.gov/vuln/detail/CVE-2025-37963
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37963
12356
12357
19734-17084
12356
12357
19734-17084
12356
12357
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12356
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12357
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19734-17084
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37963
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37963
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:16:24
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ipvs: fix uninit-value for saddr in do_output_route4
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37961
19529-17084
19734-17084
17087-17086
21093-17086
20925-17086
19529-17084
19734-17084
17087-17086
21093-17086
20925-17086
Moderate
19529-17084
Moderate
19734-17084
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
2.0
2025-12-18T01:01:24
<p>Information published.</p>
2.1
2026-02-21T03:42:19
<p>Information published.</p>
3.0
2026-03-03T14:42:58
<p>Information published.</p>
4.0
2026-03-31T14:51:26
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37973
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
6.7
6.7
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T03:00:59
<p>Information published.</p>
USB: wdm: close race between wdm_open and wdm_wwan_port_stop
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37985
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-21T03:54:33
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
qibfs: fix _another_ leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37983
19734-17084
19734-17084
Moderate
19734-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:51:26
<p>Information published.</p>
net_sched: Flush gso_skb list too during ->change()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37992
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T01:56:24
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
netfilter: ipset: fix region locking in hash types
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37997
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:48:25
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
DNS message with invalid TSIG causes an assertion failure
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
isc
Yes
CVE-2025-40775
Improper Handling of Undefined Values
19599-17084
20269-17084
19599-17084
20269-17084
Important
19599-17084
Important
20269-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19599-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20269-17084
CBL-Mariner Releases
19599-17084
20269-17084
No
Security Update
9.20.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19599-17084
20269-17084
CBL-Mariner Releases
1.1
2026-02-21T03:07:06
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PostgreSQL
Yes
CVE-2025-4207
Buffer Over-read
19555-16823
19600-17084
19262-17084
19844-17086
20744-17084
20822-17084
19261-17086
20865-17084
20964-17084
19555-16823
19600-17084
19262-17084
19844-17086
20744-17084
20822-17084
19261-17086
20865-17084
20964-17084
Moderate
19555-16823
Moderate
19600-17084
Moderate
19262-17084
19844-17086
Moderate
20744-17084
Moderate
20822-17084
Moderate
19261-17086
Moderate
20865-17084
Moderate
20964-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19555-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19600-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19262-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19844-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20744-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20822-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19261-17086
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20865-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20964-17084
CBL-Mariner Releases
19555-16823
19844-17086
19261-17086
No
Security Update
14.18-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19555-16823
19844-17086
19261-17086
CBL-Mariner Releases
CBL-Mariner Releases
19600-17084
19262-17084
No
Security Update
16.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19600-17084
19262-17084
CBL-Mariner Releases
CBL-Mariner Releases
20865-17084
20964-17084
No
Security Update
1.90.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20865-17084
20964-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
3.0
2026-02-21T02:45:06
<p>Information published.</p>
2.0
2026-01-21T01:05:40
<p>Information published.</p>
4.0
2026-03-04T14:36:18
<p>Information published.</p>
Ring: some aes functions may panic when overflow checking is enabled in ring
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4432
Allocation of Resources Without Limits or Throttling
19693-17084
20744-17084
20767-17084
19711-17084
19722-17084
20864-17084
19693-17084
20744-17084
20767-17084
19711-17084
19722-17084
20864-17084
Moderate
19693-17084
Moderate
20744-17084
Moderate
20767-17084
Low
19711-17084
Low
19722-17084
Moderate
20864-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19693-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20744-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20767-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
19711-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
19722-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20864-17084
CBL-Mariner Releases
19711-17084
19722-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19711-17084
19722-17084
CBL-Mariner Releases
2.0
2026-01-07T01:01:35
<p>Information published.</p>
3.0
2026-01-13T01:37:13
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
4.0
2026-02-21T02:50:21
<p>Information published.</p>
Erlang/OTP SSH Has Strict KEX Violations
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-46712
Expected Behavior Violation
19558-16823
19605-17084
20248-17086
19449-17084
19558-16823
19605-17084
20248-17086
19449-17084
Low
19558-16823
Low
19605-17084
Low
20248-17086
Low
19449-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19558-16823
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19605-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
20248-17086
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
19449-17084
CBL-Mariner Releases
19558-16823
20248-17086
No
Security Update
25.3.2.21-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19558-16823
20248-17086
CBL-Mariner Releases
CBL-Mariner Releases
19605-17084
19449-17084
No
Security Update
26.2.5.12-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19605-17084
19449-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T02:46:10
<p>Information published.</p>
net-tools Stack-based Buffer Overflow vulnerability
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-46836
Improper Input Validation
19559-16823
19607-17084
20271-17086
19559-16823
19607-17084
20271-17086
Moderate
19559-16823
Moderate
19607-17084
Moderate
20271-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19559-16823
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19607-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
20271-17086
CBL-Mariner Releases
19559-16823
19607-17084
20271-17086
No
Security Update
2.10-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19559-16823
19607-17084
20271-17086
CBL-Mariner Releases
1.1
2026-02-21T02:53:42
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4948
Integer Underflow (Wrap or Wraparound)
19568-16823
19617-17084
20186-17086
19596-17084
19568-16823
19617-17084
20186-17086
19596-17084
Important
19568-16823
Important
19617-17084
Important
20186-17086
Important
19596-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19568-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19617-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20186-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19596-17084
CBL-Mariner Releases
19568-16823
20186-17086
No
Security Update
3.0.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19568-16823
20186-17086
CBL-Mariner Releases
CBL-Mariner Releases
19617-17084
19596-17084
No
Security Update
3.4.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19617-17084
19596-17084
CBL-Mariner Releases
1.0
2025-08-11T00:00:00
<p>Information published.</p>
2.0
2025-08-12T00:00:00
<p>Added libsoup to CBL-Mariner 2.0
Added libsoup to Azure Linux 3.0</p>
2.1
2026-02-21T03:00:46
<p>Information published.</p>
GNU Binutils ld elflink.c elf_gc_sweep memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-5244
Improper Restriction of Operations within the Bounds of a Memory Buffer
19621-17084
20203-17086
20524-17086
20219-17086
20598-17086
19621-17084
20203-17086
20524-17086
20219-17086
20598-17086
Moderate
19621-17084
Moderate
20203-17086
Moderate
20524-17086
Moderate
20219-17086
Moderate
20598-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19621-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20203-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20524-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20219-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20598-17086
CBL-Mariner Releases
19621-17084
No
Security Update
2.41-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19621-17084
CBL-Mariner Releases
CBL-Mariner Releases
20524-17086
No
Security Update
11.2-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20524-17086
CBL-Mariner Releases
CBL-Mariner Releases
20219-17086
No
Security Update
2.37-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20219-17086
CBL-Mariner Releases
CBL-Mariner Releases
20598-17086
No
Security Update
11.2-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20598-17086
CBL-Mariner Releases
1.0
2025-07-10T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:08:20
<p>Information published.</p>
accel/ivpu: Fix locking order in ivpu_job_submit
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37907
19683-17084
20613-17084
20725-17084
20788-17084
20823-17084
20956-17084
21094-17084
21248-17084
21308-17084
21332-17084
20412-17084
20553-17084
20860-17084
21344-17084
19683-17084
20613-17084
20725-17084
20788-17084
20823-17084
20956-17084
21094-17084
21248-17084
21308-17084
21332-17084
20412-17084
20553-17084
20860-17084
21344-17084
19683-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20860-17084
Moderate
21344-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19683-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21248-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20412-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20553-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
4.7
4.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2025-12-07T01:40:09
<p>Information published.</p>
4.0
2026-01-20T14:50:01
<p>Information published.</p>
6.0
2026-03-04T14:44:47
<p>Information published.</p>
8.0
2026-04-29T14:55:34
<p>Information published.</p>
1.0
2025-09-03T21:53:02
<p>Information published.</p>
3.0
2026-01-08T14:37:09
<p>Information published.</p>
5.0
2026-02-19T01:51:08
<p>Information published.</p>
7.0
2026-03-31T15:17:45
<p>Information published.</p>
9.0
2026-05-06T14:49:17
<p>Information published.</p>
10.0
2026-05-11T01:47:40
<p>Information published.</p>
11.0
2026-05-17T14:48:41
<p>Information published.</p>
Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4598
Signal Handler Race Condition
20122-17084
19661-17086
19683-17084
17087-17086
20431-17084
20531-17086
20576-17084
20122-17084
19661-17086
19683-17084
17087-17086
20431-17084
20531-17086
20576-17084
20122-17084
Moderate
19661-17086
Moderate
19683-17084
Moderate
17087-17086
Moderate
20431-17084
Moderate
20531-17086
Moderate
20576-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20122-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19661-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19683-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17087-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20431-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20531-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
20576-17084
CBL-Mariner Releases
19661-17086
20531-17086
No
Security Update
250.3-23
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19661-17086
20531-17086
CBL-Mariner Releases
CBL-Mariner Releases
19683-17084
17087-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19683-17084
17087-17086
CBL-Mariner Releases
CBL-Mariner Releases
20431-17084
20576-17084
No
Security Update
255-24
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20431-17084
20576-17084
CBL-Mariner Releases
1.0
2025-09-03T22:03:26
<p>Information published.</p>
1.1
2026-02-18T01:04:10
<p>Information published.</p>
HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37942
20412-17084
20613-17084
17087-17086
20725-17084
19683-17084
20553-17084
20412-17084
20613-17084
17087-17086
20725-17084
19683-17084
20553-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
17087-17086
Moderate
20725-17084
19683-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
1.0
2025-09-03T21:59:05
<p>Information published.</p>
2.0
2025-11-19T01:02:07
<p>Information published.</p>
3.0
2025-12-07T01:46:28
<p>Information published.</p>
wifi: ath12k: Avoid memory leak while enabling statistics
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37743
19683-17084
20412-17084
20553-17084
19683-17084
20412-17084
20553-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
1.0
2025-09-03T22:34:36
<p>Information published.</p>
mm/vmscan: don't try to reclaim hwpoison folio
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37834
19683-17084
20412-17084
20613-17084
20725-17084
20956-17084
21094-17084
21332-17084
20553-17084
17087-17086
20788-17084
20823-17084
20860-17084
21248-17084
21308-17084
21344-17084
19683-17084
20412-17084
20613-17084
20725-17084
20956-17084
21094-17084
21332-17084
20553-17084
17087-17086
20788-17084
20823-17084
20860-17084
21248-17084
21308-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21332-17084
Moderate
20553-17084
Moderate
17087-17086
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19683-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20412-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21248-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2025-09-03T22:45:25
<p>Information published.</p>
4.0
2025-12-07T01:48:15
<p>Information published.</p>
5.0
2026-01-08T14:47:11
<p>Information published.</p>
8.0
2026-03-04T14:41:26
<p>Information published.</p>
9.0
2026-03-31T15:01:45
<p>Information published.</p>
11.0
2026-05-06T14:43:37
<p>Information published.</p>
2.0
2025-11-18T01:37:52
<p>Information published.</p>
3.0
2025-11-25T01:36:36
<p>Information published.</p>
6.0
2026-01-20T14:43:05
<p>Information published.</p>
7.0
2026-02-19T01:45:40
<p>Information published.</p>
10.0
2026-04-30T01:43:51
<p>Information published.</p>
12.0
2026-05-11T01:42:29
<p>Information published.</p>
13.0
2026-05-17T14:43:40
<p>Information published.</p>
ublk: fix handling recovery & reissue in ublk_abort_queue()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37759
NULL Pointer Dereference
19683-17084
20412-17084
20553-17084
19683-17084
20412-17084
20553-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
1.0
2025-09-03T22:48:52
<p>Information published.</p>
drm/amd/display: Guard Possible Null Pointer Dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37855
NULL Pointer Dereference
19529-17084
19529-17084
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
1.0
2025-09-03T22:53:06
<p>Information published.</p>
drm/amd/display: prevent hang on link training fail
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37870
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
19683-17084
20412-17084
20553-17084
20613-17084
20788-17084
21308-17084
21332-17084
21344-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
19683-17084
20412-17084
20553-17084
20613-17084
20788-17084
21308-17084
21332-17084
21344-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21248-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20788-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T22:55:33
<p>Information published.</p>
2.0
2025-12-07T01:48:23
<p>Information published.</p>
4.0
2026-01-20T14:43:14
<p>Information published.</p>
6.0
2026-03-04T14:41:33
<p>Information published.</p>
7.0
2026-03-31T15:02:17
<p>Information published.</p>
8.0
2026-04-29T14:49:06
<p>Information published.</p>
3.0
2026-01-08T14:47:20
<p>Information published.</p>
5.0
2026-02-19T01:45:47
<p>Information published.</p>
9.0
2026-05-06T14:43:46
<p>Information published.</p>
10.0
2026-05-11T01:42:38
<p>Information published.</p>
11.0
2026-05-17T14:43:49
<p>Information published.</p>
xsk: Fix race condition in AF_XDP generic RX path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37920
19683-17084
20412-17084
20613-17084
17087-17086
20725-17084
20823-17084
21093-17086
20553-17084
20788-17084
20860-17084
20925-17086
19683-17084
20412-17084
20613-17084
17087-17086
20725-17084
20823-17084
21093-17086
20553-17084
20788-17084
20860-17084
20925-17086
19683-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
17087-17086
Moderate
20725-17084
Moderate
20823-17084
Moderate
21093-17086
Moderate
20553-17084
Moderate
20788-17084
Moderate
20860-17084
Moderate
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19683-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20412-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20553-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-09-03T23:01:31
<p>Information published.</p>
2.0
2025-12-07T01:49:11
<p>Information published.</p>
4.0
2026-01-20T14:43:35
<p>Information published.</p>
5.0
2026-02-19T01:46:04
<p>Information published.</p>
6.0
2026-02-27T14:35:32
<p>Information published.</p>
8.0
2026-03-31T15:11:55
<p>Information published.</p>
3.0
2026-01-08T14:47:37
<p>Information published.</p>
7.0
2026-03-03T14:57:08
<p>Information published.</p>
net: stmmac: Fix accessing freed irq affinity_hint
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23155
19683-17084
20553-17084
20613-17084
20925-17086
21093-17086
20412-17084
17087-17086
19683-17084
20553-17084
20613-17084
20925-17086
21093-17086
20412-17084
17087-17086
19683-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
20412-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T23:04:00
<p>Information published.</p>
2.0
2025-12-02T14:35:14
<p>Information published.</p>
3.0
2026-03-03T14:52:39
<p>Information published.</p>
4.0
2026-03-31T15:06:29
<p>Information published.</p>
blk-mq: Fix kmemleak in blk_mq_init_allocated_queue
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49901
Missing Release of Memory after Effective Lifetime
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-09-03T23:11:01
<p>Information published.</p>
3.0
2026-03-31T14:52:54
<p>Information published.</p>
2.0
2026-03-03T14:36:11
<p>Information published.</p>
PyTorch nccl.py torch.cuda.nccl.reduce denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-4287
Improper Resource Shutdown or Release
19407-17084
19949-17086
19407-17084
19949-17086
Low
19407-17084
Low
19949-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19407-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19949-17086
1.0
2025-09-03T23:22:19
<p>Information published.</p>
1.1
2026-02-21T02:42:13
<p>Information published.</p>
iommu: Clear iommu-dma ops on cleanup
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37877
20412-17084
20613-17084
17087-17086
20725-17084
20823-17084
20956-17084
21094-17084
21093-17086
21248-17084
21332-17084
19683-17084
20553-17084
20788-17084
20860-17084
20925-17086
21308-17084
21344-17084
20412-17084
20613-17084
17087-17086
20725-17084
20823-17084
20956-17084
21094-17084
21093-17086
21248-17084
21332-17084
19683-17084
20553-17084
20788-17084
20860-17084
20925-17086
21308-17084
21344-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
17087-17086
Moderate
20725-17084
Moderate
20823-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
Moderate
21332-17084
19683-17084
Moderate
20553-17084
Moderate
20788-17084
Moderate
20860-17084
Moderate
20925-17086
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21248-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2025-09-03T23:22:02
<p>Information published.</p>
2.0
2025-12-07T01:50:02
<p>Information published.</p>
4.0
2026-01-20T14:44:38
<p>Information published.</p>
6.0
2026-03-03T15:00:47
<p>Information published.</p>
8.0
2026-03-31T15:06:14
<p>Information published.</p>
11.0
2026-05-11T01:43:41
<p>Information published.</p>
3.0
2026-01-08T14:48:27
<p>Information published.</p>
5.0
2026-02-19T01:46:50
<p>Information published.</p>
7.0
2026-03-04T14:42:14
<p>Information published.</p>
9.0
2026-04-29T14:50:35
<p>Information published.</p>
10.0
2026-05-06T14:44:50
<p>Information published.</p>
12.0
2026-05-17T14:44:51
<p>Information published.</p>
scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37826
19683-17084
20412-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
21332-17084
20553-17084
20788-17084
21308-17084
21344-17084
19683-17084
20412-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
21332-17084
20553-17084
20788-17084
21308-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21248-17084
Moderate
21332-17084
Moderate
20553-17084
Moderate
20788-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19683-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20412-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21248-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20553-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2025-09-03T23:25:07
<p>Information published.</p>
2.0
2025-12-07T01:50:12
<p>Information published.</p>
3.0
2026-01-08T14:48:36
<p>Information published.</p>
4.0
2026-01-20T14:44:49
<p>Information published.</p>
5.0
2026-02-19T01:46:57
<p>Information published.</p>
6.0
2026-03-04T14:42:22
<p>Information published.</p>
8.0
2026-04-29T14:50:47
<p>Information published.</p>
7.0
2026-03-31T15:06:40
<p>Information published.</p>
9.0
2026-05-06T14:44:59
<p>Information published.</p>
10.0
2026-05-11T01:43:50
<p>Information published.</p>
11.0
2026-05-17T14:44:59
<p>Information published.</p>
um: work around sched_yield not yielding in time-travel mode
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37880
20412-17084
20553-17084
20613-17084
19683-17084
17087-17086
20412-17084
20553-17084
20613-17084
19683-17084
17087-17086
Low
20412-17084
Low
20553-17084
Low
20613-17084
19683-17084
Moderate
17087-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20412-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20553-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20613-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T23:50:47
<p>Information published.</p>
2.0
2025-11-25T01:36:23
<p>Information published.</p>
btrfs: adjust subpage bit start based on sectorsize
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37931
19683-17084
20412-17084
17087-17086
20925-17086
20553-17084
21093-17086
19683-17084
20412-17084
17087-17086
20925-17086
20553-17084
21093-17086
19683-17084
Moderate
20412-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
20553-17084
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
20553-17084
No
Security Update
6.6.112.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20553-17084
CBL-Mariner Releases
1.0
2025-09-03T23:57:34
<p>Information published.</p>
2.0
2025-12-21T01:01:23
<p>Information published.</p>
4.0
2026-03-03T14:46:39
<p>Information published.</p>
3.0
2025-12-23T01:36:34
<p>Information published.</p>
5.0
2026-03-31T14:57:31
<p>Information published.</p>
ksmbd: fix use-after-free in ksmbd_session_rpc_open
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37926
19683-17084
20412-17084
20553-17084
20613-17084
17087-17086
19683-17084
20412-17084
20553-17084
20613-17084
17087-17086
19683-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20613-17084
Important
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-09-04T00:12:26
<p>Information published.</p>
2.0
2025-11-25T01:36:33
<p>Information published.</p>
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37745
20553-17084
20613-17084
20725-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
19683-17084
20412-17084
17087-17086
20788-17084
20823-17084
20860-17084
21308-17084
21332-17084
21344-17084
20553-17084
20613-17084
20725-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
19683-17084
20412-17084
17087-17086
20788-17084
20823-17084
20860-17084
21308-17084
21332-17084
21344-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20925-17086
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
19683-17084
Moderate
20412-17084
Moderate
17087-17086
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20553-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20613-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20956-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
21248-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20788-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20860-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
21308-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-04T00:34:28
<p>Information published.</p>
2.0
2025-12-07T01:36:52
<p>Information published.</p>
4.0
2026-01-20T14:46:53
<p>Information published.</p>
6.0
2026-03-03T14:52:55
<p>Information published.</p>
7.0
2026-03-05T01:41:34
<p>Information published.</p>
8.0
2026-03-31T15:12:03
<p>Information published.</p>
9.0
2026-04-29T14:52:32
<p>Information published.</p>
3.0
2026-01-08T14:50:17
<p>Information published.</p>
5.0
2026-02-19T01:48:36
<p>Information published.</p>
10.0
2026-05-06T14:47:03
<p>Information published.</p>
11.0
2026-05-11T01:45:28
<p>Information published.</p>
12.0
2026-05-17T14:46:32
<p>Information published.</p>
Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4969
Out-of-bounds Read
20186-17086
20190-17084
20379-17086
20186-17086
20190-17084
20379-17086
20186-17086
Moderate
20190-17084
Moderate
20379-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
20186-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
20190-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
20379-17086
CBL-Mariner Releases
20186-17086
20379-17086
No
Security Update
3.0.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20186-17086
20379-17086
CBL-Mariner Releases
CBL-Mariner Releases
20190-17084
No
Security Update
3.4.4-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20190-17084
CBL-Mariner Releases
1.0
2025-09-04T00:56:39
<p>Information published.</p>
1.1
2026-02-21T03:03:50
<p>Information published.</p>
fs/ntfs3: Keep write operations atomic
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37806
20412-17084
17087-17086
19683-17084
20553-17084
20412-17084
17087-17086
19683-17084
20553-17084
Moderate
20412-17084
Moderate
17087-17086
19683-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
2.0
2025-11-25T01:40:34
<p>Information published.</p>
1.0
2025-09-04T00:57:46
<p>Information published.</p>
ksmbd: fix use-after-free in session logoff
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37899
20412-17084
17087-17086
19683-17084
20553-17084
20412-17084
17087-17086
19683-17084
20553-17084
Moderate
20412-17084
Important
17087-17086
19683-17084
Moderate
20553-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
1.0
2025-09-04T01:01:26
<p>Information published.</p>
2.0
2025-11-21T01:01:58
<p>Information published.</p>
3.0
2025-11-25T01:38:35
<p>Information published.</p>
ksmbd: fix use-after-free in __smb2_lease_break_noti()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37777
19683-17084
20412-17084
17087-17086
19683-17084
20412-17084
17087-17086
19683-17084
Moderate
20412-17084
Important
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
20412-17084
No
Security Update
6.6.104.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20412-17084
CBL-Mariner Releases
1.0
2025-09-04T01:09:02
<p>Information published.</p>
2.0
2025-11-25T01:36:25
<p>Information published.</p>
btrfs: harden block_group::bg_list against list_del() races
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37856
20412-17084
20553-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20925-17086
21093-17086
21248-17084
21332-17084
19683-17084
20860-17084
20956-17084
21094-17084
21308-17084
21344-17084
20412-17084
20553-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20925-17086
21093-17086
21248-17084
21332-17084
19683-17084
20860-17084
20956-17084
21094-17084
21308-17084
21344-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
21248-17084
Moderate
21332-17084
19683-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21248-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2025-09-04T01:23:30
<p>Information published.</p>
2.0
2025-12-07T01:38:37
<p>Information published.</p>
3.0
2026-01-08T14:35:39
<p>Information published.</p>
4.0
2026-01-20T14:48:39
<p>Information published.</p>
6.0
2026-03-03T15:00:12
<p>Information published.</p>
7.0
2026-03-04T14:43:58
<p>Information published.</p>
8.0
2026-03-31T15:15:42
<p>Information published.</p>
9.0
2026-04-29T14:54:02
<p>Information published.</p>
11.0
2026-05-11T01:46:37
<p>Information published.</p>
5.0
2026-02-19T01:49:59
<p>Information published.</p>
10.0
2026-05-06T14:48:16
<p>Information published.</p>
12.0
2026-05-17T14:47:41
<p>Information published.</p>
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-53154
Out-of-bounds Read
20097-17086
19666-17084
20386-17086
20095-17086
16928-17084
20442-17084
20097-17086
19666-17084
20386-17086
20095-17086
16928-17084
20442-17084
20097-17086
Low
19666-17084
Low
20386-17086
Low
20095-17086
Low
16928-17084
Low
20442-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20097-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
19666-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20386-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20095-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
16928-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20442-17084
CBL-Mariner Releases
20097-17086
20386-17086
No
Security Update
3.0.4-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20097-17086
20386-17086
CBL-Mariner Releases
CBL-Mariner Releases
20442-17084
No
Security Update
3.1.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20442-17084
CBL-Mariner Releases
1.0
2025-09-04T01:32:31
<p>Information published.</p>
1.1
2026-02-21T03:12:29
<p>Information published.</p>
iio: light: opt3001: fix deadlock due to concurrent flag access
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37968
19529-17084
17087-17086
19529-17084
17087-17086
Moderate
19529-17084
Moderate
17087-17086
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2025-12-18T01:01:29
<p>Information published.</p>
3.0
2026-01-13T01:38:32
<p>Information published.</p>
3.1
2026-02-18T01:38:24
<p>Information published.</p>
1.0
2025-09-04T01:26:58
<p>Information published.</p>
usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37882
20412-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
21332-17084
19683-17084
20553-17084
21308-17084
21344-17084
20412-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
21332-17084
19683-17084
20553-17084
21308-17084
21344-17084
Moderate
20412-17084
Moderate
20613-17084
Important
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Important
20925-17086
Moderate
20956-17084
Moderate
21094-17084
Important
21093-17086
Moderate
21248-17084
Moderate
21332-17084
19683-17084
Moderate
20553-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-04T01:40:47
<p>Information published.</p>
2.0
2025-12-07T01:38:47
<p>Information published.</p>
5.0
2026-02-19T01:50:08
<p>Information published.</p>
6.0
2026-03-03T15:01:33
<p>Information published.</p>
7.0
2026-03-04T14:44:05
<p>Information published.</p>
9.0
2026-04-29T14:54:15
<p>Information published.</p>
11.0
2026-05-11T01:46:46
<p>Information published.</p>
3.0
2026-01-08T14:35:49
<p>Information published.</p>
4.0
2026-01-20T14:48:50
<p>Information published.</p>
8.0
2026-03-31T15:16:04
<p>Information published.</p>
10.0
2026-05-06T14:48:25
<p>Information published.</p>
12.0
2026-05-11T14:44:37
<p>Information published.</p>
13.0
2026-05-17T14:47:48
<p>Information published.</p>
riscv: uprobes: Add missing fence.i after building the XOL buffer
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37822
19683-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21093-17086
20412-17084
20553-17084
19683-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21093-17086
20412-17084
20553-17084
19683-17084
Moderate
20613-17084
Important
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Important
20925-17086
Important
21093-17086
Moderate
20412-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
1.0
2025-09-04T01:43:52
<p>Information published.</p>
2.0
2025-12-07T01:38:57
<p>Information published.</p>
3.0
2026-01-08T14:35:59
<p>Information published.</p>
4.0
2026-01-20T14:49:00
<p>Information published.</p>
5.0
2026-02-19T01:50:17
<p>Information published.</p>
6.0
2026-03-03T14:54:54
<p>Information published.</p>
7.0
2026-03-31T15:09:18
<p>Information published.</p>
net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37833
19529-17084
17087-17086
19529-17084
17087-17086
Moderate
19529-17084
Moderate
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-04T02:27:01
<p>Information published.</p>
2.0
2025-11-25T01:36:31
<p>Information published.</p>
2.1
2026-02-18T01:48:32
<p>Information published.</p>
hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-44905
Heap-based Buffer Overflow
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
17741-17084
19980-17086
17336-17086
20762-17086
20755-17084
Moderate
17741-17084
19980-17086
Moderate
17336-17086
Moderate
20762-17086
Moderate
20755-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
17741-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
19980-17086
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
17336-17086
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20762-17086
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20755-17084
CBL-Mariner Releases
17741-17084
17336-17086
20762-17086
20755-17084
No
Security Update
1.14.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17741-17084
17336-17086
20762-17086
20755-17084
CBL-Mariner Releases
1.0
2025-09-04T04:59:10
<p>Information published.</p>
2.0
2025-12-16T01:36:20
<p>Information published.</p>
3.0
2025-12-20T01:36:49
<p>Information published.</p>
4.0
2026-01-02T14:36:41
<p>Information published.</p>
5.0
2026-01-08T14:44:50
<p>Information published.</p>
spi: fsl-qspi: use devm function instead of driver remove
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37842
19529-17084
17087-17086
21093-17086
20925-17086
19529-17084
17087-17086
21093-17086
20925-17086
Moderate
19529-17084
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
2.0
2025-11-19T01:01:42
<p>Information published.</p>
4.0
2026-03-31T14:48:08
<p>Information published.</p>
1.0
2025-09-04T05:46:32
<p>Information published.</p>
2.1
2026-02-19T01:42:53
<p>Information published.</p>
3.0
2026-03-03T14:38:28
<p>Information published.</p>
bpf: Prevent bpf program recursion for raw tracepoint probes
Mariner
Linux
Yes
CVE-2022-49764
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-08T01:08:05
<p>Information published.</p>
2.0
2026-03-03T14:53:29
<p>Information published.</p>
3.0
2026-03-31T15:07:27
<p>Information published.</p>
netdevsim: Fix memory leak of nsim_dev->fa_cookie
Mariner
Linux
Yes
CVE-2022-49803
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:54:37
<p>Information published.</p>
3.0
2026-03-31T15:08:53
<p>Information published.</p>
1.0
2025-11-09T01:01:29
<p>Information published.</p>
netfs: Fix missing xas_retry() calls in xarray iteration
Mariner
Linux
Yes
CVE-2022-49810
NULL Pointer Dereference
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2025-11-25T01:40:01
<p>Information published.</p>
1.0
2025-11-09T01:01:35
<p>Information published.</p>
scsi: mpi3mr: Bad drive in topology results kernel crash
Mariner
Linux
Yes
CVE-2023-53037
Use After Free
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-14T01:03:24
<p>Information published.</p>
2.0
2026-03-03T14:58:26
<p>Information published.</p>
3.0
2026-03-31T14:38:16
<p>Information published.</p>
net: usb: lan78xx: Limit packet length to skb->len
Mariner
Linux
Yes
CVE-2023-53068
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:59:01
<p>Information published.</p>
3.0
2026-03-31T14:39:01
<p>Information published.</p>
1.0
2025-11-14T01:03:35
<p>Information published.</p>
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
Mariner
Linux
Yes
CVE-2025-37945
NULL Pointer Dereference
17087-17086
20725-17084
20788-17084
20823-17084
21093-17086
20668-17084
20613-17084
20860-17084
20925-17086
17087-17086
20725-17084
20788-17084
20823-17084
21093-17086
20668-17084
20613-17084
20860-17084
20925-17086
Moderate
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
21093-17086
Moderate
20668-17084
Moderate
20613-17084
Moderate
20860-17084
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20668-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-11-18T01:01:28
<p>Information published.</p>
2.0
2025-11-18T14:35:29
<p>Information published.</p>
3.0
2025-11-19T01:02:13
<p>Information published.</p>
5.0
2026-01-08T14:39:31
<p>Information published.</p>
6.0
2026-01-20T14:50:22
<p>Information published.</p>
8.0
2026-02-27T14:36:31
<p>Information published.</p>
9.0
2026-03-03T14:39:56
<p>Information published.</p>
10.0
2026-03-31T14:50:00
<p>Information published.</p>
4.0
2025-12-07T01:36:32
<p>Information published.</p>
7.0
2026-02-18T14:24:55
<p>Information published.</p>
The x509 application adds trusted use instead of rejected use
Mariner
openssl
Yes
CVE-2025-4575
Improper Certificate Validation
20744-17084
20822-17084
20864-17084
20865-17084
20744-17084
20822-17084
20864-17084
20865-17084
Moderate
20744-17084
Moderate
20822-17084
Moderate
20864-17084
Moderate
20865-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20744-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20822-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20864-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20865-17084
2.0
2026-02-18T15:04:44
<p>Information published.</p>
1.0
2026-01-21T01:06:08
<p>Information published.</p>
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2025-23167
19904-17084
19445-17084
19787-17086
19774-17086
20056-17086
20733-17084
21111-17084
21130-17086
21251-17084
20367-17086
20686-17086
20866-17084
20894-17086
19904-17084
19445-17084
19787-17086
19774-17086
20056-17086
20733-17084
21111-17084
21130-17086
21251-17084
20367-17086
20686-17086
20866-17084
20894-17086
Moderate
19904-17084
Moderate
19445-17084
Moderate
19787-17086
Moderate
19774-17086
20056-17086
Moderate
20733-17084
Moderate
21111-17084
Moderate
21130-17086
Moderate
21251-17084
Moderate
20367-17086
Moderate
20686-17086
Moderate
20866-17084
Moderate
20894-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
19904-17084
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
19445-17084
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
19787-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
19774-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20056-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20733-17084
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
21111-17084
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
21130-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
21251-17084
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20367-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20686-17086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20866-17084
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20894-17086
CBL-Mariner Releases
19445-17084
19787-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19445-17084
19787-17086
CBL-Mariner Releases
2.0
2025-12-06T14:36:47
<p>Information published.</p>
3.0
2025-12-07T01:45:31
<p>Information published.</p>
4.0
2026-02-21T02:58:36
<p>Information published.</p>
6.0
2026-04-29T14:46:40
<p>Information published.</p>
1.0
2025-09-04T00:32:59
<p>Information published.</p>
5.0
2026-03-31T14:54:23
<p>Information published.</p>
yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-22653
NULL Pointer Dereference
19525-17084
20202-17086
19525-17084
20202-17086
Moderate
19525-17084
Moderate
20202-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19525-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
20202-17086
CBL-Mariner Releases
19525-17084
20202-17086
No
Security Update
1.3.0-17
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19525-17084
20202-17086
CBL-Mariner Releases
1.1
2026-02-18T02:35:35
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
ping in iputils before 20250602 allows a denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-47268
20284-17084
20282-17086
20284-17084
20282-17086
Moderate
20284-17084
Moderate
20282-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20284-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20282-17086
CBL-Mariner Releases
20284-17084
No
Security Update
20240117-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20284-17084
CBL-Mariner Releases
CBL-Mariner Releases
20282-17086
No
Security Update
20211215-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20282-17086
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:15:14
<p>Information published.</p>
bpf: track changes_pkt_data property for global functions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58098
19529-17084
17087-17086
21093-17086
19734-17084
20925-17086
19529-17084
17087-17086
21093-17086
19734-17084
20925-17086
Moderate
19529-17084
Moderate
17087-17086
Moderate
21093-17086
Moderate
19734-17084
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:44:57
<p>Information published.</p>
3.0
2026-03-31T15:10:48
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-03-03T14:56:02
<p>Information published.</p>
bpf: check changes_pkt_data property for extension programs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58100
19529-17084
17087-17086
21093-17086
19734-17084
20925-17086
19529-17084
17087-17086
21093-17086
19734-17084
20925-17086
Moderate
19529-17084
Moderate
17087-17086
Moderate
21093-17086
Moderate
19734-17084
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-03-03T14:56:18
<p>Information published.</p>
1.1
2026-02-18T14:27:54
<p>Information published.</p>
3.0
2026-03-31T15:11:12
<p>Information published.</p>
bpf: consider that tail calls invalidate packet pointers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58237
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
Moderate
19529-17084
Moderate
19734-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
2.0
2026-03-03T14:56:35
<p>Information published.</p>
3.0
2026-03-31T15:11:32
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:52:43
<p>Information published.</p>
misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23140
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:53:01
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23141
19529-17084
20925-17086
19734-17084
17087-17086
21093-17086
19529-17084
20925-17086
19734-17084
17087-17086
21093-17086
Moderate
19529-17084
Moderate
20925-17086
Moderate
19734-17084
Moderate
17087-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:47:51
<p>Information published.</p>
2.0
2026-03-03T14:52:21
<p>Information published.</p>
3.0
2026-03-31T15:06:05
<p>Information published.</p>
sctp: detect and prevent references to a freed transport in sendmsg
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23142
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:23:20
<p>Information published.</p>
mfd: ene-kb3930: Fix a potential NULL pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23146
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-21T03:50:21
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
i3c: Add NULL pointer check in i3c_master_queue_ibi()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23147
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:07:25
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23148
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-21T03:57:10
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
media: venus: hfi_parser: add check to avoid out of bound access
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23157
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:46:33
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
media: venus: hfi: add check to handle incorrect queue size
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23158
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:37:42
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
media: venus: hfi: add a check to handle OOB in sfr region
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-23159
Out-of-bounds Write
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:29:16
<p>Information published.</p>
redis-check-aof may lead to stack overflow and potential RCE
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-27151
Improper Input Validation
19592-17084
19592-17084
Moderate
19592-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19592-17084
CBL-Mariner Releases
19592-17084
No
Security Update
8.0.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19592-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ext4: ignore xattrs past end
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37738
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-21T03:55:24
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37739
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:44:14
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
jfs: Fix uninit-value access of imap allocated in the diMount() function
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37742
Use of Uninitialized Resource
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:58:14
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: ppp: Add bound checking for skb data on ppp_sync_txmung
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37749
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:14:29
<p>Information published.</p>
drm/i915/huc: Fix fence not released on early probe errors
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37754
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:31:29
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
tipc: fix memory leak in tipc_link_xmit
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37757
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T03:03:14
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37758
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T03:00:33
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amd/pm: Prevent division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37766
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:22:26
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amd/pm: Prevent division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37768
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:32:09
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amd/pm/smu11: Prevent division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37769
Divide By Zero
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:32:46
<p>Information published.</p>
drm/amd/pm: Prevent division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37770
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:35:07
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amd/pm: Prevent division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37771
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:36:26
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ksmbd: fix the warning from __kernel_write_iter
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37775
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:17:17
<p>Information published.</p>
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37776
19529-17084
19734-17084
17087-17086
19529-17084
19734-17084
17087-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-25T01:36:20
<p>Information published.</p>
2.1
2026-02-18T02:11:06
<p>Information published.</p>
isofs: Prevent the use of too small fid
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37780
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:59:10
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: dsa: free routing table on probe failure
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37786
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
Important
20925-17086
Important
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
2.0
2026-03-03T14:49:25
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:24:01
<p>Information published.</p>
3.0
2026-03-31T15:02:50
<p>Information published.</p>
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37788
19529-17084
19734-17084
19529-17084
19734-17084
Low
19529-17084
Low
19734-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:30:54
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: mctp: Set SOCK_RCU_FREE
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37790
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:24:55
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Bluetooth: btrtl: Prevent potential NULL dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37792
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:20:02
<p>Information published.</p>
ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37793
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:29:11
<p>Information published.</p>
wifi: at76c50x: fix use after free access in at76_disconnect
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37796
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:11:59
<p>Information published.</p>
net_sched: hfsc: Fix a UAF vulnerability in class handling
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37797
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:06:29
<p>Information published.</p>
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37798
19529-17084
19734-17084
17087-17086
19529-17084
19734-17084
17087-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:14:34
<p>Information published.</p>
2.0
2026-02-24T14:35:47
<p>Information published.</p>
driver core: fix potential NULL pointer dereference in dev_uevent()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37800
19529-17084
19734-17084
17087-17086
21093-17086
20925-17086
19529-17084
19734-17084
17087-17086
21093-17086
20925-17086
Moderate
19529-17084
Moderate
19734-17084
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
CBL-Mariner Releases
17087-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
3.0
2026-03-31T15:18:56
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:49:13
<p>Information published.</p>
2.0
2026-03-03T14:37:40
<p>Information published.</p>
udmabuf: fix a buf size overflow issue during udmabuf creation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37803
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:56:38
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37805
Allocation of Resources Without Limits or Throttling
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:43:41
<p>Information published.</p>
usb: cdns3: Fix deadlock when using NCM gadget
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37812
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T01:55:20
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
mcb: fix a double free bug in chameleon_parse_gdd()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37817
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:26:38
<p>Information published.</p>
LoongArch: Return NULL from huge_pte_offset() for invalid PMD
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37818
NULL Pointer Dereference
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:27:18
<p>Information published.</p>
tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37824
NULL Pointer Dereference
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:58:05
<p>Information published.</p>
scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37828
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:08:50
<p>Information published.</p>
cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37829
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:09:18
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
PCI: Fix reference leak in pci_register_host_bridge()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37836
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:15:51
<p>Information published.</p>
mtd: rawnand: brcmnand: fix PM resume warning
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37840
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:55:43
<p>Information published.</p>
cifs: avoid NULL pointer dereference in dbg call
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37844
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:08:39
<p>Information published.</p>
KVM: arm64: Tear down vGIC on failed vCPU creation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37849
Use After Free
19529-17084
17087-17086
20925-17086
21093-17086
19734-17084
19529-17084
17087-17086
20925-17086
21093-17086
19734-17084
Moderate
19529-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-19T01:01:47
<p>Information published.</p>
2.1
2026-02-21T03:46:34
<p>Information published.</p>
3.0
2026-03-03T14:38:47
<p>Information published.</p>
4.0
2026-03-31T14:48:32
<p>Information published.</p>
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37852
19529-17084
17087-17086
20925-17086
21093-17086
19734-17084
19529-17084
17087-17086
20925-17086
21093-17086
19734-17084
Moderate
19529-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-19T01:01:52
<p>Information published.</p>
2.1
2026-02-18T14:07:58
<p>Information published.</p>
4.0
2026-03-31T14:48:56
<p>Information published.</p>
3.0
2026-03-03T14:39:04
<p>Information published.</p>
drm/amdkfd: Fix mode1 reset crash issue
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37854
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:35:47
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
scsi: st: Fix array overflow in st_setup()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37857
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:43:07
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
fs/jfs: Prevent integer overflow in AG size calculation
https://nvd.nist.gov/vuln/detail/CVE-2025-37858
https://nvd.nist.gov/vuln/detail/CVE-2025-37858
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37858
12356
12357
19734-17084
12356
12357
19734-17084
12356
12357
Important
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37858
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37858
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.1
2026-02-21T03:41:03
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
page_pool: avoid infinite loop to schedule delayed worker
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37859
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:16:48
<p>Information published.</p>
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37865
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:15:26
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
RDMA/core: Silence oversized kvmalloc() warning
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37867
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:38:52
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: ngbe: fix memory leak in ngbe_probe() error path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37874
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:00:13
<p>Information published.</p>
perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37878
19529-17084
20925-17086
21093-17086
19734-17084
17087-17086
19529-17084
20925-17086
21093-17086
19734-17084
17087-17086
Moderate
19529-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
19734-17084
Moderate
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19734-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-03-03T15:01:04
<p>Information published.</p>
3.0
2026-03-31T14:40:41
<p>Information published.</p>
1.1
2026-02-18T01:57:50
<p>Information published.</p>
9p/net: fix improper handling of bogus negative read/write replies
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37879
Out-of-bounds Read
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
Important
20925-17086
Important
21093-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17087-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20925-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:33:04
<p>Information published.</p>
3.0
2026-03-31T14:41:07
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-03-03T15:01:19
<p>Information published.</p>
usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37881
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:41:23
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
s390/sclp: Add check for get_zeroed_page()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37883
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:13:21
<p>Information published.</p>
pds_core: make wait_context part of q_info
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37886
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:51:58
<p>Information published.</p>
pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37887
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:11:03
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37890
Use After Free
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:32:35
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37891
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:55:14
<p>Information published.</p>
wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37897
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:31:17
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37901
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:29:39
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
drm/amd/display: Fix slab-use-after-free in hdcp
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37903
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
Important
20925-17086
Important
21093-17086
5.8
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-19T01:02:02
<p>Information published.</p>
3.0
2026-03-03T14:39:37
<p>Information published.</p>
4.0
2026-03-31T14:49:40
<p>Information published.</p>
2.1
2026-02-18T14:30:34
<p>Information published.</p>
bnxt_en: Fix out-of-bound memcpy() during ethtool -w
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37911
Out-of-bounds Read
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:02:27
<p>Information published.</p>
net_sched: qfq: Fix double list add in class with netem as child qdisc
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37913
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-21T03:44:19
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net_sched: ets: Fix double list add in class with netem as child qdisc
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37914
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:01:21
<p>Information published.</p>
pds_core: remove write-after-free of client_id
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37916
Use After Free
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:25:59
<p>Information published.</p>
Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37918
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:59:03
<p>Information published.</p>
vxlan: vnifilter: Fix unlocked deletion of default FDB entry
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37921
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T03:02:47
<p>Information published.</p>
book3s64/radix : Align section vmemmap start address to PAGE_SIZE
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37922
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:03:52
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37927
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:22:05
<p>Information published.</p>
drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37930
19529-17084
19734-17084
19529-17084
19734-17084
Low
19529-17084
Low
19734-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:18:20
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
sch_htb: make htb_qlen_notify() idempotent
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37932
19529-17084
19734-17084
17087-17086
19529-17084
19734-17084
17087-17086
Low
19529-17084
Low
19734-17084
Moderate
17087-17086
2.5
2.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
2.0
2025-12-21T01:01:28
<p>Information published.</p>
3.1
2026-02-18T02:40:45
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
3.0
2025-12-23T01:36:40
<p>Information published.</p>
4.0
2026-02-24T14:38:05
<p>Information published.</p>
octeon_ep: Fix host hang issue during device reboot
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37933
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.6
5.6
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:54:46
<p>Information published.</p>
tracing: Verify event formats that have "%*p.."
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37938
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
19529-17084
19734-17084
17087-17086
20925-17086
21093-17086
Important
19529-17084
Important
19734-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
2.0
2025-12-21T01:01:33
<p>Information published.</p>
3.1
2026-02-18T02:50:58
<p>Information published.</p>
4.0
2026-03-03T14:46:56
<p>Information published.</p>
5.0
2026-03-31T14:57:54
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
3.0
2025-12-23T01:36:45
<p>Information published.</p>
ftrace: Add cond_resched() to ftrace_graph_set_hash()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37940
Improper Locking
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T03:02:21
<p>Information published.</p>
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
https://nvd.nist.gov/vuln/detail/CVE-2025-37944
https://nvd.nist.gov/vuln/detail/CVE-2025-37944
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37944
Out-of-bounds Write
12356
12357
19734-17084
12356
12357
19734-17084
12356
12357
Important
19734-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12356
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12357
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37944
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37944
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T03:04:11
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37948
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:18:40
<p>Information published.</p>
drm/v3d: Add job to pending list if the reset was skipped
https://nvd.nist.gov/vuln/detail/CVE-2025-37951
https://nvd.nist.gov/vuln/detail/CVE-2025-37951
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37951
12356
12357
19734-17084
17087-17086
12356
12357
19734-17084
17087-17086
12356
12357
Moderate
19734-17084
Moderate
17087-17086
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37951
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37951
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
2.0
2025-12-19T01:01:20
<p>Information published.</p>
3.0
2026-01-13T01:40:02
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
3.1
2026-02-18T01:54:15
<p>Information published.</p>
ksmbd: Fix UAF in __close_file_table_ids
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37952
19529-17084
19734-17084
17087-17086
19529-17084
19734-17084
17087-17086
Moderate
19529-17084
Moderate
19734-17084
Important
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
2.0
2025-11-19T01:02:18
<p>Information published.</p>
3.0
2025-11-25T01:37:25
<p>Information published.</p>
3.1
2026-02-18T14:04:27
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37957
19529-17084
17087-17086
20925-17086
21093-17086
19734-17084
19529-17084
17087-17086
20925-17086
21093-17086
19734-17084
Moderate
19529-17084
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-03-03T15:03:20
<p>Information published.</p>
3.0
2026-03-31T14:43:34
<p>Information published.</p>
1.1
2026-02-18T02:34:28
<p>Information published.</p>
mm/huge_memory: fix dereferencing invalid pmd migration entry
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37958
17085-17084
19880-17084
17085-17084
19880-17084
Moderate
17085-17084
Moderate
19880-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19880-17084
CBL-Mariner Releases
17085-17084
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17085-17084
19880-17084
CBL-Mariner Releases
1.1
2026-02-18T01:44:59
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
usb: typec: ucsi: displayport: Fix deadlock
https://nvd.nist.gov/vuln/detail/CVE-2025-37967
https://nvd.nist.gov/vuln/detail/CVE-2025-37967
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37967
12356
12357
19734-17084
12356
12357
19734-17084
12356
12357
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37967
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37967
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:24:15
<p>Information published.</p>
iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37969
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:05:59
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37970
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:26:27
<p>Information published.</p>
Input: mtk-pmic-keys - fix possible null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37972
NULL Pointer Dereference
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:50:37
<p>Information published.</p>
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37979
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:38:19
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
block: fix resource leak in blk_register_queue() error path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37980
Missing Release of Memory after Effective Lifetime
19529-17084
19734-17084
20925-17086
21093-17086
17087-17086
19529-17084
19734-17084
20925-17086
21093-17086
17087-17086
Moderate
19529-17084
Moderate
19734-17084
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
4.0
2026-03-31T14:43:58
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-11-18T01:38:07
<p>Information published.</p>
2.1
2026-02-18T14:25:32
<p>Information published.</p>
3.0
2026-03-03T15:03:35
<p>Information published.</p>
wifi: wl1251: fix memory leak in wl1251_tx_work
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37982
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:04:26
<p>Information published.</p>
pds_core: Prevent possible adminq overflow/stuck condition
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37987
19880-17084
19880-17084
Important
19880-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19880-17084
CBL-Mariner Releases
19880-17084
No
Security Update
6.6.96.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19880-17084
CBL-Mariner Releases
1.1
2026-02-19T01:51:31
<p>Information published.</p>
1.0
2025-08-06T00:00:00
<p>Information published.</p>
fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37988
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T02:45:59
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
net: phy: leds: fix memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37989
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:05:32
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37990
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T14:22:31
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
usb: typec: ucsi: displayport: Fix NULL pointer access
https://nvd.nist.gov/vuln/detail/CVE-2025-37994
https://nvd.nist.gov/vuln/detail/CVE-2025-37994
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37994
12356
12357
19734-17084
12356
12357
19734-17084
12356
12357
Important
19734-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
kernel
12356
kernel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37994
12356
kernel
kernel
12357
kernel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
python3-perf-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
bpftool-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.6.92.2-1
https://nvd.nist.gov/vuln/detail/CVE-2025-37994
12357
kernel
CBL-Mariner Releases
19734-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T14:28:50
<p>Information published.</p>
module: ensure that kobject_put() is safe for module type kobjects
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37995
Access of Uninitialized Pointer
19529-17084
19734-17084
19529-17084
19734-17084
Important
19529-17084
Important
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:25:01
<p>Information published.</p>
openvswitch: Fix unsafe attribute parsing in output_userspace()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37998
19529-17084
19734-17084
19529-17084
19734-17084
Moderate
19529-17084
Moderate
19734-17084
4.5
4.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
19734-17084
CBL-Mariner Releases
19529-17084
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
19734-17084
CBL-Mariner Releases
1.1
2026-02-18T03:00:07
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Perl threads have a working directory race condition where file operations may target unintended paths
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
CPANSec
Yes
CVE-2025-40909
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
19554-16823
20310-17086
20313-17084
19554-16823
20310-17086
20313-17084
Moderate
19554-16823
Moderate
20310-17086
Moderate
20313-17084
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19554-16823
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20310-17086
5.9
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20313-17084
CBL-Mariner Releases
19554-16823
20310-17086
No
Security Update
5.34.1-491
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19554-16823
20310-17086
CBL-Mariner Releases
CBL-Mariner Releases
20313-17084
No
Security Update
5.38.2-509
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20313-17084
CBL-Mariner Releases
1.0
2025-07-29T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:26:37
<p>Information published.</p>
Libsoup: null pointer dereference in libsoup may lead to denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4476
NULL Pointer Dereference
19551-16823
19596-17084
20186-17086
19551-16823
19596-17084
20186-17086
Moderate
19551-16823
Moderate
19596-17084
Moderate
20186-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
19551-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
19596-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
20186-17086
CBL-Mariner Releases
19551-16823
20186-17086
No
Security Update
3.0.4-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19551-16823
20186-17086
CBL-Mariner Releases
CBL-Mariner Releases
19596-17084
No
Security Update
3.4.4-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19596-17084
CBL-Mariner Releases
1.1
2026-02-21T02:55:48
<p>Information published.</p>
1.0
2025-07-11T00:00:00
<p>Information published.</p>
Use-after-free in "unicode_escape" decoder with error handler
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-4516
Use After Free
19533-16823
19601-17084
19681-17086
17667-17084
19533-16823
19601-17084
19681-17086
17667-17084
Moderate
19533-16823
Moderate
19601-17084
Moderate
19681-17086
Moderate
17667-17084
CBL-Mariner Releases
19533-16823
19681-17086
No
Security Update
3.9.19-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19533-16823
19681-17086
CBL-Mariner Releases
CBL-Mariner Releases
19601-17084
No
Security Update
3.12.9-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19601-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.1
2026-02-21T02:51:37
<p>Information published.</p>
2.0
2025-07-18T00:00:00
<p>Added python3 to CBL-Mariner 2.0
Added python3 to Azure Linux 3.0</p>
Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4574
Double Free
19603-17084
20254-17084
20421-17084
20824-17084
21129-17084
21252-17084
20257-17084
20258-17086
20259-17084
20971-17084
19603-17084
20254-17084
20421-17084
20824-17084
21129-17084
21252-17084
20257-17084
20258-17086
20259-17084
20971-17084
Moderate
19603-17084
20254-17084
Moderate
20421-17084
Moderate
20824-17084
Moderate
21129-17084
Moderate
21252-17084
Moderate
20257-17084
Moderate
20258-17086
Moderate
20259-17084
Moderate
20971-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
19603-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20254-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20421-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20824-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
21129-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
21252-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20257-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20258-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20259-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
20971-17084
CBL-Mariner Releases
19603-17084
No
Security Update
1.75.0-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19603-17084
CBL-Mariner Releases
CBL-Mariner Releases
20257-17084
No
Security Update
1.86.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20257-17084
CBL-Mariner Releases
CBL-Mariner Releases
20258-17086
No
Security Update
1.0.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20258-17086
CBL-Mariner Releases
CBL-Mariner Releases
20259-17084
No
Security Update
3.18.0.kata0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20259-17084
CBL-Mariner Releases
1.0
2025-07-10T00:00:00
<p>Information published.</p>
3.0
2026-01-20T14:40:10
<p>Information published.</p>
3.1
2026-02-21T02:48:25
<p>Information published.</p>
4.0
2026-03-04T14:39:52
<p>Information published.</p>
5.0
2026-03-31T14:53:45
<p>Information published.</p>
6.0
2026-04-29T14:46:22
<p>Information published.</p>
2.0
2025-08-06T00:00:00
<p>Added kata-containers to Azure Linux 3.0
Added rust to Azure Linux 3.0
Added azl-compliance to CBL-Mariner 2.0</p>
OPA server Data API HTTP path injection of Rego
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-46569
Incorrect Authorization
19604-17084
19604-17084
Important
19604-17084
CBL-Mariner Releases
19604-17084
No
Security Update
0.63.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19604-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
undici Denial of Service attack via bad certificate data
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-47279
Missing Release of Memory after Effective Lifetime
19608-17084
19873-17086
19904-17084
19608-17084
19873-17086
19904-17084
Low
19608-17084
Low
19873-17086
Low
19904-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19608-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19873-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19904-17084
CBL-Mariner Releases
19608-17084
19904-17084
No
Security Update
20.14.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19608-17084
19904-17084
CBL-Mariner Releases
CBL-Mariner Releases
19873-17086
No
Security Update
18.20.3-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19873-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T02:54:47
<p>Information published.</p>
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-47291
Incorrect Privilege Assignment
19609-17084
19609-17084
Moderate
19609-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19609-17084
CBL-Mariner Releases
19609-17084
No
Security Update
2.0.0-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19609-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-48060
Stack-based Buffer Overflow
19565-16823
19612-17084
20251-17086
19565-16823
19612-17084
20251-17086
Important
19565-16823
Important
19612-17084
Important
20251-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19565-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19612-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20251-17086
CBL-Mariner Releases
19565-16823
20251-17086
No
Security Update
1.6-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19565-16823
20251-17086
CBL-Mariner Releases
CBL-Mariner Releases
19612-17084
No
Security Update
1.7.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19612-17084
CBL-Mariner Releases
1.0
2025-07-29T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:06:29
<p>Information published.</p>
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-48938
Trust Boundary Violation
19613-17084
19613-17084
Low
19613-17084
CBL-Mariner Releases
19613-17084
No
Security Update
2.62.0-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19613-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
QUIC certificate check skip with wolfSSL
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
curl
Yes
CVE-2025-4947
Improper Certificate Validation
19616-17084
19799-17086
19852-17086
19686-17084
19671-17084
17153-17086
19252-17084
17539-17084
19616-17084
19799-17086
19852-17086
19686-17084
19671-17084
17153-17086
19252-17084
17539-17084
Moderate
19616-17084
Moderate
19799-17086
19852-17086
Moderate
19686-17084
Moderate
19671-17084
Moderate
17153-17086
Moderate
19252-17084
Moderate
17539-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19616-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19799-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19852-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19686-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19671-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17153-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19252-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17539-17084
CBL-Mariner Releases
19616-17084
No
Security Update
3.30.3-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19616-17084
CBL-Mariner Releases
CBL-Mariner Releases
19799-17086
19852-17086
19686-17084
19671-17084
19252-17084
17539-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19799-17086
19852-17086
19686-17084
19671-17084
19252-17084
17539-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2025-08-06T00:00:00
<p>Added mysql to CBL-Mariner 2.0
Added cmake to Azure Linux 3.0</p>
3.0
2026-02-21T03:18:33
<p>Information published.</p>
No QUIC certificate pinning with wolfSSL
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
curl
Yes
CVE-2025-5025
Improper Certificate Validation
17464-17084
19852-17086
19252-17084
17667-17084
19799-17086
19721-17086
19686-17084
17539-17084
19671-17084
17153-17086
17183-17086
17464-17084
19852-17086
19252-17084
17667-17084
19799-17086
19721-17086
19686-17084
17539-17084
19671-17084
17153-17086
17183-17086
Moderate
17464-17084
19852-17086
Moderate
19252-17084
Moderate
17667-17084
Moderate
19799-17086
19721-17086
Moderate
19686-17084
Moderate
17539-17084
Moderate
19671-17084
Moderate
17153-17086
Moderate
17183-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
17464-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19852-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19252-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
17667-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19799-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19721-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19686-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
17539-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
19671-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
17153-17086
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
17183-17086
CBL-Mariner Releases
17464-17084
No
Security Update
3.30.3-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17464-17084
CBL-Mariner Releases
1.0
2025-08-06T00:00:00
<p>Information published.</p>
2.0
2026-02-21T03:24:14
<p>Information published.</p>
Icu: stack buffer overflow in the srbroot::addtag function
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-5222
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19571-16823
20165-17084
17667-17084
20367-17086
20162-17086
19904-17084
19668-17086
19571-16823
20165-17084
17667-17084
20367-17086
20162-17086
19904-17084
19668-17086
Important
19571-16823
Important
20165-17084
Important
17667-17084
Important
20367-17086
Important
20162-17086
Important
19904-17084
Important
19668-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
19571-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
20165-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
17667-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
20367-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
20162-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
19904-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
19668-17086
CBL-Mariner Releases
19571-16823
20162-17086
No
Security Update
68.2.0.9-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19571-16823
20162-17086
CBL-Mariner Releases
CBL-Mariner Releases
20165-17084
No
Security Update
72.1.0.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20165-17084
CBL-Mariner Releases
CBL-Mariner Releases
20367-17086
No
Security Update
18.20.3-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20367-17086
CBL-Mariner Releases
CBL-Mariner Releases
19904-17084
No
Security Update
20.14.0-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19904-17084
CBL-Mariner Releases
1.1
2026-02-21T04:27:22
<p>Information published.</p>
1.0
2025-08-14T00:00:00
<p>Information published.</p>
GNU Binutils objdump debug.c debug_type_samep memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-5245
Improper Restriction of Operations within the Bounds of a Memory Buffer
19621-17084
20219-17086
19621-17084
20219-17086
Moderate
19621-17084
Moderate
20219-17086
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19621-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
20219-17086
CBL-Mariner Releases
19621-17084
No
Security Update
2.41-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19621-17084
CBL-Mariner Releases
CBL-Mariner Releases
20219-17086
No
Security Update
2.37-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20219-17086
CBL-Mariner Releases
1.0
2025-07-10T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:09:10
<p>Information published.</p>
scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37861
Use After Free
19683-17084
20412-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20553-17084
17087-17086
20956-17084
21308-17084
21344-17084
19683-17084
20412-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
21248-17084
21332-17084
20553-17084
17087-17086
20956-17084
21308-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20925-17086
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
Moderate
21332-17084
Moderate
20553-17084
Moderate
17087-17086
Moderate
20956-17084
Moderate
21308-17084
Moderate
21344-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20412-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20613-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20725-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20788-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20860-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21094-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21248-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20553-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
17087-17086
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20956-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21308-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:45:47
<p>Information published.</p>
3.0
2026-01-08T14:45:01
<p>Information published.</p>
5.0
2026-02-19T01:43:05
<p>Information published.</p>
6.0
2026-03-03T15:00:30
<p>Information published.</p>
7.0
2026-03-04T14:40:03
<p>Information published.</p>
8.0
2026-03-31T14:55:11
<p>Information published.</p>
9.0
2026-04-29T14:46:58
<p>Information published.</p>
11.0
2026-05-11T01:40:50
<p>Information published.</p>
1.0
2025-09-03T21:49:17
<p>Information published.</p>
4.0
2026-01-20T14:40:25
<p>Information published.</p>
10.0
2026-05-06T14:41:53
<p>Information published.</p>
12.0
2026-05-17T14:41:59
<p>Information published.</p>
ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37802
Improper Locking
19529-17084
18490-17086
19682-17086
19529-17084
18490-17086
19682-17086
Moderate
19529-17084
Moderate
18490-17086
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
1.0
2025-09-03T22:03:53
<p>Information published.</p>
2.0
2026-02-19T01:51:47
<p>Information published.</p>
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
glibc
Yes
CVE-2025-4802
Untrusted Search Path
19876-17086
19587-17084
20426-17084
20868-17086
17348-17086
20935-17086
19876-17086
19587-17084
20426-17084
20868-17086
17348-17086
20935-17086
19876-17086
19587-17084
Important
20426-17084
Important
20868-17086
Important
17348-17086
Important
20935-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19876-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19587-17084
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20426-17084
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20868-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17348-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20935-17086
CBL-Mariner Releases
19876-17086
20868-17086
17348-17086
20935-17086
No
Security Update
2.35-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19876-17086
20868-17086
17348-17086
20935-17086
CBL-Mariner Releases
CBL-Mariner Releases
20426-17084
No
Security Update
2.38-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20426-17084
CBL-Mariner Releases
1.0
2025-09-04T00:02:07
<p>Information published.</p>
2.0
2026-02-21T02:52:45
<p>Information published.</p>
3.0
2026-03-03T14:36:55
<p>Information published.</p>
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37984
19529-17084
19529-17084
Moderate
19529-17084
6.5
6.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U
19529-17084
1.0
2025-09-04T01:05:17
<p>Information published.</p>
1.1
2026-02-18T01:34:20
<p>Information published.</p>
bpf: Fix kmemleak warning for percpu hashmap
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37807
20613-17084
17087-17086
20725-17084
20823-17084
20860-17084
20925-17086
20956-17084
21094-17084
21093-17086
19683-17084
20412-17084
20553-17084
20788-17084
21248-17084
21308-17084
21332-17084
21344-17084
20613-17084
17087-17086
20725-17084
20823-17084
20860-17084
20925-17086
20956-17084
21094-17084
21093-17086
19683-17084
20412-17084
20553-17084
20788-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
20613-17084
Moderate
17087-17086
Important
20725-17084
Important
20823-17084
Important
20860-17084
Moderate
20925-17086
Important
20956-17084
Important
21094-17084
Moderate
21093-17086
19683-17084
Important
20412-17084
Important
20553-17084
Important
20788-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20412-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20553-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2025-09-04T01:13:30
<p>Information published.</p>
2.0
2025-12-07T01:38:16
<p>Information published.</p>
4.0
2026-01-20T14:48:18
<p>Information published.</p>
5.0
2026-02-19T01:49:40
<p>Information published.</p>
6.0
2026-03-03T14:56:52
<p>Information published.</p>
7.0
2026-03-04T14:43:51
<p>Information published.</p>
8.0
2026-03-31T15:15:15
<p>Information published.</p>
9.0
2026-04-29T14:53:48
<p>Information published.</p>
3.0
2026-01-08T14:35:20
<p>Information published.</p>
10.0
2026-05-06T14:48:07
<p>Information published.</p>
11.0
2026-05-11T01:46:28
<p>Information published.</p>
12.0
2026-05-17T14:47:32
<p>Information published.</p>
scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37977
19529-17084
19529-17084
Moderate
19529-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19529-17084
1.0
2025-09-04T01:30:15
<p>Information published.</p>
1.1
2026-02-18T01:38:59
<p>Information published.</p>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37976
19529-17084
19529-17084
Moderate
19529-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
19529-17084
1.0
2025-09-04T02:20:05
<p>Information published.</p>
1.1
2026-02-18T01:46:56
<p>Information published.</p>
wifi: ath12k: fix memory leak in ath12k_pci_remove()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37744
19683-17084
19683-17084
Moderate
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
CBL-Mariner Releases
19683-17084
No
Security Update
6.6.96.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19683-17084
CBL-Mariner Releases
1.1
2026-02-18T01:47:38
<p>Information published.</p>
1.0
2025-09-04T02:23:35
<p>Information published.</p>
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-4373
Buffer Underwrite ('Buffer Underflow')
19898-17086
20365-17086
20466-17086
20272-17084
19898-17086
20365-17086
20466-17086
20272-17084
19898-17086
Moderate
20365-17086
Moderate
20466-17086
Moderate
20272-17084
6.5
6.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U
19898-17086
6.5
6.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U
20365-17086
6.5
6.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U
20466-17086
6.5
6.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U
20272-17084
CBL-Mariner Releases
19898-17086
No
Security Update
2.71.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19898-17086
CBL-Mariner Releases
CBL-Mariner Releases
20365-17086
20466-17086
No
Security Update
2.71.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20365-17086
20466-17086
CBL-Mariner Releases
CBL-Mariner Releases
20272-17084
No
Security Update
2.78.6-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20272-17084
CBL-Mariner Releases
1.0
2025-09-04T02:58:55
<p>Information published.</p>
1.1
2026-02-19T01:41:32
<p>Information published.</p>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37782
19734-17084
19734-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
2.0
2026-02-18T14:10:11
<p>Information published.</p>
1.0
2025-10-01T23:11:35
<p>Information published.</p>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-37804
19734-17084
19734-17084
Moderate
19734-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19734-17084
CBL-Mariner Releases
19734-17084
No
Security Update
6.6.92.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19734-17084
CBL-Mariner Releases
1.0
2025-10-01T23:11:36
<p>Information published.</p>
2.0
2026-02-18T01:52:48
<p>Information published.</p>
Insecure file handling vulnerability
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
vmware
Yes
CVE-2025-22247
Improper Link Resolution Before File Access ('Link Following')
20462-17086
20463-17084
20462-17086
20463-17084
Moderate
20462-17086
Moderate
20463-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
20462-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
20463-17084
CBL-Mariner Releases
20462-17086
No
Security Update
11.3.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20462-17086
CBL-Mariner Releases
CBL-Mariner Releases
20463-17084
No
Security Update
12.3.5-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20463-17084
CBL-Mariner Releases
1.0
2025-09-27T01:03:15
<p>Information published.</p>
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
Mariner
Linux
Yes
CVE-2025-23143
NULL Pointer Dereference
17087-17086
20553-17084
17087-17086
20553-17084
Moderate
17087-17086
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
CBL-Mariner Releases
20553-17084
No
Security Update
6.6.112.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20553-17084
CBL-Mariner Releases
1.0
2025-11-07T01:01:21
<p>Information published.</p>
2.0
2026-02-24T14:35:40
<p>Information published.</p>
perf: Fix hang while freeing sigtrap event
Mariner
Linux
Yes
CVE-2025-37747
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
20956-17084
21093-17086
21094-17084
21248-17084
21332-17084
17087-17086
20553-17084
21308-17084
21344-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20925-17086
20956-17084
21093-17086
21094-17084
21248-17084
21332-17084
17087-17086
20553-17084
21308-17084
21344-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20925-17086
Moderate
20956-17084
Moderate
21093-17086
Moderate
21094-17084
Moderate
21248-17084
Moderate
21332-17084
Moderate
17087-17086
Moderate
20553-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:46:46
<p>Information published.</p>
5.0
2026-02-18T02:55:56
<p>Information published.</p>
6.0
2026-03-03T14:53:13
<p>Information published.</p>
9.0
2026-04-29T14:48:57
<p>Information published.</p>
11.0
2026-05-11T01:41:57
<p>Information published.</p>
1.0
2025-11-07T01:01:36
<p>Information published.</p>
3.0
2026-01-08T14:37:14
<p>Information published.</p>
4.0
2026-01-20T14:48:19
<p>Information published.</p>
7.0
2026-03-04T14:42:32
<p>Information published.</p>
8.0
2026-03-31T15:07:03
<p>Information published.</p>
10.0
2026-05-06T14:43:11
<p>Information published.</p>
12.0
2026-05-17T14:43:03
<p>Information published.</p>
iavf: fix hang on reboot with ice
Mariner
Linux
Yes
CVE-2023-53064
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-08T01:02:25
<p>Information published.</p>
netlink: Bounds-check struct nlmsgerr creation
Mariner
Linux
Yes
CVE-2022-49766
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:53:45
<p>Information published.</p>
3.0
2026-03-31T15:07:49
<p>Information published.</p>
1.0
2025-11-08T01:08:11
<p>Information published.</p>
smb: client: fix UAF in decryption with multichannel
Mariner
Linux
Yes
CVE-2025-37750
Use After Free
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
17087-17086
20613-17084
20788-17084
21248-17084
21308-17084
21332-17084
21344-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
17087-17086
20613-17084
20788-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
20725-17084
Important
20823-17084
Important
20860-17084
Important
20956-17084
Important
21094-17084
Important
17087-17086
Important
20613-17084
Important
20788-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2025-11-08T01:08:19
<p>Information published.</p>
2.0
2025-12-07T01:46:55
<p>Information published.</p>
3.0
2026-01-08T14:37:24
<p>Information published.</p>
6.0
2026-03-04T14:42:39
<p>Information published.</p>
7.0
2026-03-31T15:08:31
<p>Information published.</p>
4.0
2026-01-20T14:48:29
<p>Information published.</p>
5.0
2026-02-18T02:56:52
<p>Information published.</p>
8.0
2026-04-29T14:49:12
<p>Information published.</p>
9.0
2026-05-06T14:43:21
<p>Information published.</p>
10.0
2026-05-11T01:42:06
<p>Information published.</p>
11.0
2026-05-17T14:43:13
<p>Information published.</p>
drm/scheduler: fix fence ref counting
Mariner
Linux
Yes
CVE-2022-49829
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-12T01:01:21
<p>Information published.</p>
2.0
2026-03-03T14:55:11
<p>Information published.</p>
3.0
2026-03-31T15:09:42
<p>Information published.</p>
btrfs: zoned: clone zoned device info when cloning a device
Mariner
Linux
Yes
CVE-2022-49833
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-12T01:01:26
<p>Information published.</p>
2.0
2026-03-03T14:55:28
<p>Information published.</p>
3.0
2026-03-31T15:10:06
<p>Information published.</p>
octeontx2-pf: Fix SQE threshold checking
Mariner
Linux
Yes
CVE-2022-49858
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-11-12T01:01:32
<p>Information published.</p>
2.0
2025-11-25T01:40:29
<p>Information published.</p>
net/mlx5e: Fix cleanup null-ptr deref on encap lock
Mariner
Linux
Yes
CVE-2023-53105
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-12T01:01:38
<p>Information published.</p>
2.0
2026-03-03T14:55:46
<p>Information published.</p>
3.0
2026-03-31T15:10:31
<p>Information published.</p>
dm-bufio: don't schedule in atomic context
Mariner
Linux
Yes
CVE-2025-37928
17087-17086
17087-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-11-12T01:02:14
<p>Information published.</p>
KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
Mariner
Linux
Yes
CVE-2022-49932
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:58:10
<p>Information published.</p>
1.0
2025-11-14T01:03:18
<p>Information published.</p>
3.0
2026-03-31T14:37:52
<p>Information published.</p>
drm/amd/display: Do not set DRR on pipe Commit
Mariner
Linux
Yes
CVE-2023-53042
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-11-14T01:03:29
<p>Information published.</p>
2.0
2026-03-03T14:58:44
<p>Information published.</p>
3.0
2026-03-31T14:38:37
<p>Information published.</p>
mptcp: use the workqueue to destroy unaccepted sockets
Mariner
Linux
Yes
CVE-2023-53072
Use After Free
17087-17086
17087-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-11-14T01:03:40
<p>Information published.</p>
drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
Mariner
Linux
Yes
CVE-2023-53074
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
1.0
2025-11-14T01:03:45
<p>Information published.</p>
2.0
2026-03-03T14:59:18
<p>Information published.</p>
3.0
2026-03-31T14:39:24
<p>Information published.</p>
tracing: Do not let histogram values have some modifiers
Mariner
Linux
Yes
CVE-2023-53093
NULL Pointer Dereference
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
3.0
2026-03-31T14:39:51
<p>Information published.</p>
1.0
2025-11-14T01:03:51
<p>Information published.</p>
2.0
2026-03-03T14:59:36
<p>Information published.</p>
xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
Mariner
Linux
Yes
CVE-2025-37820
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
1.0
2025-11-14T01:03:58
<p>Information published.</p>
2.0
2026-03-03T14:59:54
<p>Information published.</p>
3.0
2026-03-31T14:40:17
<p>Information published.</p>
hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
Mariner
mitre
Yes
CVE-2025-44904
Heap-based Buffer Overflow
20762-17086
21121-17084
21122-17086
20755-17084
20762-17086
21121-17084
21122-17086
20755-17084
Important
20762-17086
Important
21121-17084
Important
21122-17086
Important
20755-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20762-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21121-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21122-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20755-17084
2.0
2025-12-20T01:03:15
<p>Information published.</p>
3.0
2026-03-31T14:47:23
<p>Information published.</p>
1.0
2025-12-16T01:01:34
<p>Information published.</p>
bpf: Scrub packet on bpf_redirect_peer
Mariner
Linux
Yes
CVE-2025-37959
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-12-18T01:01:19
<p>Information published.</p>
2.0
2026-03-03T14:42:42
<p>Information published.</p>
3.0
2026-03-31T14:51:03
<p>Information published.</p>
Chromium: CVE-2025-4050 Out of bounds memory access in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.50</td>
<td>5/1/2025</td>
<td>136.0.7103.49</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4050
11655
11655
11655
Release Notes
11655
No
Security Update
136.0.3240.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.1
2025-05-09T07:00:00
<p>Corrected CVE title. This is an informational change only.</p>
1.0
2025-05-01T22:15:58
<p>Information published.</p>
Chromium: CVE-2025-4096 Heap buffer overflow in HTML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.50</td>
<td>5/1/2025</td>
<td>136.0.7103.49</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4096
11655
11655
11655
Release Notes
11655
No
Security Update
136.0.3240.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.1
2025-05-09T07:00:00
<p>Corrected CVE title. This is an informational change only.</p>
1.0
2025-05-01T22:15:53
<p>Information published.</p>
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-47181
Improper Link Resolution Before File Access ('Link Following')
12101
Elevation of Privilege
12101
Important
12101
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12101
Release Notes
12101
No
Security Update
1.3.195.61
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12101
Release Notes
<a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a>
1.0
2025-05-22T07:00:00
<p>Information published.</p>
.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
<p>External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.</p>
.NET, Visual Studio, and Build Tools for Visual Studio
Microsoft
Yes
CVE-2025-26646
External Control of File Name or Path
12414
12415
12416
12432
12433
12434
12459
12506
12271
12322
16763
Spoofing
12414
Spoofing
12415
Spoofing
12416
Spoofing
12432
Spoofing
12433
Spoofing
12434
Spoofing
12459
Spoofing
12506
Spoofing
12271
Spoofing
12322
Spoofing
16763
Important
12414
Important
12415
Important
12416
Important
12432
Important
12433
Important
12434
Important
12459
Important
12506
Important
12271
Important
12322
Important
16763
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12414
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12415
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12416
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12432
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12433
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12434
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12506
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16763
5059200
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
12414
12415
12416
Maybe
Security Update
8.0.16
https://support.microsoft.com/help/5059200
12414
12415
12416
5059200
5059201
https://dotnet.microsoft.com/en-us/download/dotnet/9.0
12432
12433
12434
Maybe
Security Update
9.0.5
https://support.microsoft.com/help/5059201
12432
12433
12434
5059201
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.8
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13
12506
Maybe
Security Update
17.13.7
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12506
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.21
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.15
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022
16763
Maybe
Security Update
Fixed Version 17.13.7
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
16763
Release Notes
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-22T07:00:00
<p>To comprehensively address CVE-2025-26646, Microsoft has released security updates on May 22, 2025 for Visual Studio 2022 version 17.10. In addition, updates .NET 8.0.313 and .NET 8.0.410 have been released for .NET SDKs 8.0.3xx and 8.0.4xx, respectively. For more information about the .NET updates see <a href="https://support.microsoft.com/en-us/topic/-net-8-0-update-may-22-2025-kb5059200-8ace2b08-2644-454e-a43f-157c60835e49">KB5059200</a>. Microsoft recommends customers to install these updates to be fully protected from the vulnerability.</p>
Microsoft Defender Elevation of Privilege Vulnerability
<p>External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How can I verify that the update is installed?</strong></p>
<p>Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present warning (ID 121036) indicating an issue and providing additional online guidance or callout to reach out to Microsoft support if issue persists.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Defender for Endpoint
Microsoft
Yes
CVE-2025-26684
External Control of File Name or Path
12015
Elevation of Privilege
12015
Important
12015
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12015
Release Notes
https://learn.microsoft.com/en-us/defender-endpoint/linux-whatsnew#releases-for-defender-for-endpoint-on-linux
12015
No
Security Update
101.25032.0010
https://learn.microsoft.com/en-us/defender-endpoint/linux-whatsnew#releases-for-defender-for-endpoint-on-linux
12015
Release Notes
Rich Mirch with <a href="https://www.stratascale.com/">Stratascale</a>
astraleureka (eureka@astr.al)
1.0
2025-05-13T07:00:00
<p>Information published.</p>
1.1
2025-07-08T07:00:00
<p>Updated links to security updates. This is an informational change only.</p>
1.2
2025-07-14T07:00:00
<p>Updated the build numbers. This is an informational update only.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.50</td>
<td>5/1/2025</td>
<td>136.0.7103.49</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-29825
User Interface (UI) Misrepresentation of Critical Information
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
136.0.3240.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
zeeagil
1.0
2025-05-01T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29959
Use of Uninitialized Resource
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29960
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Media Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.</p>
Windows Media
Microsoft
Yes
CVE-2025-29964
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Remote Desktop Client Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacker's server with the vulnerable Remote Desktop Client.</p>
Windows Remote Desktop
Microsoft
Yes
CVE-2025-29966
Heap-based Buffer Overflow
12457
11568
11569
11571
11572
11849
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Remote Code Execution
12457
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11849
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
12457
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11849
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12457
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11849
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
Release Notes
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Maybe
Security Update
2.0.420
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Release Notes
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
Release Notes
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260810
11849
Maybe
Security Update
1.2.6228.0
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260810
11849
Release Notes
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Nicholas Vadasz
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Remote Desktop Client Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacker's server with the vulnerable Remote Desktop Client.</p>
Remote Desktop Gateway Service
Microsoft
Yes
CVE-2025-29967
Heap-based Buffer Overflow
12457
11568
11569
11571
11572
11849
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Remote Code Execution
12457
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11849
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
12457
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11849
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12457
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11849
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
Release Notes
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Maybe
Security Update
2.0.420
https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows
12457
Release Notes
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
Release Notes
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260810
11849
Maybe
Security Update
1.2.6228.0
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260810
11849
Release Notes
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Nicholas Vadasz
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
<p>Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.</p>
Active Directory Certificate Services (AD CS)
Microsoft
Yes
CVE-2025-29968
Improper Input Validation
11571
11572
11923
11924
12244
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12244
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12244
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
MS-EVEN RPC Remote Code Execution Vulnerability
<p>Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to have obtained low privileged code execution on target host first.</p>
Windows Fundamentals
Microsoft
Yes
CVE-2025-29969
Time-of-check Time-of-use (TOCTOU) Race Condition
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Yarin Aharoni with <a href="https://www.safebreach.com/">SafeBreach</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Brokering File System Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Brokering File System
Microsoft
Yes
CVE-2025-29970
Use After Free
12437
12244
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
Maxime Villard, of M.O.R.S.E.
hazard
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Web Threat Defense (WTD.sys) Denial of Service Vulnerability
<p>Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.</p>
Web Threat Defense (WTD.sys)
Microsoft
Yes
CVE-2025-29971
Out-of-bounds Read
12085
12086
12242
12243
12389
12390
Denial of Service
12085
Denial of Service
12086
Denial of Service
12242
Denial of Service
12243
Denial of Service
12389
Denial of Service
12390
Important
12085
Important
12086
Important
12242
Important
12243
Important
12389
Important
12390
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12389
12390
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12389
12390
5058411
5058411
https://support.microsoft.com/help/5058411
12389
12390
5061258
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061258
12389
12390
No
Security HotPatch Update
10.0.26100.3983
https://support.microsoft.com/help/5061258
12389
12390
5061258
Vladimir Lagunov with <a href="https://jetbrains.com/">JetBrains</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-16T07:00:00
<p>To comprehensively address CVE-2025-29971, Microsoft has released HotPatch KB5061258 for Windows 11 Version 24H2 for x64-based Systems and Windows 11 Version 24H2 for ARM64-based Systems. Customers running these versions of Windows and who install the HotPatch updates should install KB5061258 to be protected from this vulnerability.</p>
Microsoft Azure File Sync Elevation of Privilege Vulnerability
<p>Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p>
<p>The vulnerability has been mitigated by a recent update to Azure File Sync's backend infrastructure and no Azure File Sync agent upgrade needed to the latest version.. Customers who are required to inspect and correct their Access Control List's have been notified through <a href="https://learn.microsoft.com/en-us/azure/service-health/overview">Azure Service Health Alerts</a> under TrackingID: 4K2C-9_Z . See <a href="https://learn.microsoft.com/en-us/azure/service-health/service-notifications">View service health notifications by using the Azure portal</a> for information on how to view Azure Service Health Alerts in the Azure Portal.</p>
<p>Customers who have not received this Azure Service Health Alert do not need to take any action to be protected against this vulnerability.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>To successfully exploit this vulnerability, an attacker would need to gain elevated privileges enabling them to perform file operations in directories they would not normally be able to access or perform.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker can gain permissions to access directories in Azure File Sync servers and perform file operations they do not normally have permissions to access or perform.</p>
Azure File Sync
Microsoft
Yes
CVE-2025-29973
Improper Access Control
16746
16747
Elevation of Privilege
16746
Elevation of Privilege
16747
Important
16746
Important
16747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16746
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16747
Release Notes
16746
Maybe
N/A
26100
https://support.microsoft.com/en-us/topic/azure-file-sync-agent-v19-release-september-2024-e44fc142-8a24-4dea-9bf9-6e884b4b342e
16746
Release Notes
Release Notes
16747
Maybe
N/A
5041884
https://support.microsoft.com/en-us/topic/azure-file-sync-agent-v20-release-february-2025-b92c9c6f-8232-42d3-a3e0-e6df1fce0f5e
16747
Release Notes
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft PC Manager Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft PC Manager
Microsoft
Yes
CVE-2025-29975
Improper Link Resolution Before File Access ('Link Following')
12441
Elevation of Privilege
12441
Important
12441
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12441
Release Notes
https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US
12441
Maybe
Security Update
3.16.1.0
https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US
12441
Release Notes
<a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a>
Anonymous working with Trend Zero Day Initiative
1.0
2025-05-13T07:00:00
<p>Information published.</p>
1.2
2025-05-20T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
1.1
2025-05-14T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Microsoft SharePoint Server Elevation of Privilege Vulnerability
<p>Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could elevate privileges and gain the ability to read the load file.</p>
<p><strong>I am running SharePoint Enterprise Server 2016 or SharePoint Server 2019 and there are multiple updates available for each of these affected versions. Do I need to install all the updates listed in the Security Updates table for these versions?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-29976
Improper Privilege Management
10950
11585
11961
Elevation of Privilege
10950
Elevation of Privilege
11585
Elevation of Privilege
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002722
5002692
10950
Maybe
Security Update
16.0.5500.1001
https://support.microsoft.com/help/5002722
10950
5002722
5002712
5002682
10950
Maybe
Security Update
16.0.5500.1001
https://support.microsoft.com/help/5002712
10950
5002712
5002708
5002691
11585
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002708
11585
5002708
5002706
5002680
11585
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002706
11585
5002706
5002709
5002705
11961
Maybe
Security Update
16.0.18526.20286
https://support.microsoft.com/help/5002709
11961
5002709
Yansen with <a href="https://www.pulsesecure.com/">PulseSecure Pte Ltd.</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-29977
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10739
10740
5002717
0x140ce
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft PowerPoint Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office PowerPoint
Microsoft
Yes
CVE-2025-29978
Use After Free
11762
11763
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-29979
Heap-based Buffer Overflow
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10753
10754
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10753
10754
5002717
f4 & Zhiniang Peng with HUST
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-30375
Access of Resource Using Incompatible Type ('Type Confusion')
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10739
10740
5002717
0x140ce
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-30376
Heap-based Buffer Overflow
Out-of-bounds Read
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10739
10740
5002717
wh1tc with Kunlun Lab
devoke with HUST
Zhiniang Peng with HUST
cdbb6164ddfda2b210fd348442322115
1.0
2025-05-13T07:00:00
<p>Information published.</p>
1.1
2025-05-30T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-30377
Use After Free
11573
11574
11762
11763
11951
11952
11953
12155
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12155
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12155
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18827.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5002711
5002700
10753
10754
Maybe
Security Update
16.0.5500.1002
https://support.microsoft.com/help/5002711
10753
10754
5002711
0x140ce
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-30378
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002722
5002692
10950
Maybe
Security Update
16.0.5500.1001
https://support.microsoft.com/help/5002722
10950
5002722
5002708
5002691
11585
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002708
11585
5002708
5002709
5002705
11961
Maybe
Security Update
16.0.18526.20286
https://support.microsoft.com/help/5002709
11961
5002709
<a href="https://github.com/zcgonvh">zcgonvh</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-30379
Release of Invalid Pointer or Reference
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10739
10740
5002717
5002716
5002703
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002716
10739
10740
5002716
0x140ce
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-30381
Out-of-bounds Read
Untrusted Pointer Dereference
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10739
10740
5002717
Zhiniang Peng with HUST
devoke with HUST
wh1tc with Kunlun Lab
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.1
2025-05-28T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-30382
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002722
5002692
10950
Maybe
Security Update
16.0.5500.1001
https://support.microsoft.com/help/5002722
10950
5002722
5002708
5002691
11585
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002708
11585
5002708
5002709
5002705
11961
Maybe
Security Update
16.0.18526.20286
https://support.microsoft.com/help/5002709
11961
5002709
<a href="https://github.com/zcgonvh">zcgonvh</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-30383
Access of Resource Using Incompatible Type ('Type Confusion')
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002707
5002699
10836
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002707
10836
5002707
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002717
5002704
10739
10740
Maybe
Security Update
16.0.5500.1000
https://support.microsoft.com/help/5002717
10739
10740
5002717
0x140ce
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-30384
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002722
5002692
10950
Maybe
Security Update
16.0.5500.1001
https://support.microsoft.com/help/5002722
10950
5002722
5002708
5002691
11585
Maybe
Security Update
16.0.10417.20010
https://support.microsoft.com/help/5002708
11585
5002708
5002709
5002705
11961
Maybe
Security Update
16.0.18526.20286
https://support.microsoft.com/help/5002709
11961
5002709
<a href="https://github.com/zcgonvh">zcgonvh's cat Vanilla</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-30386
Use After Free
11573
11574
11762
11763
11951
11952
11953
12155
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12155
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12155
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18827.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5002711
5002700
10753
10754
Maybe
Security Update
16.0.5500.1002
https://support.microsoft.com/help/5002711
10753
10754
5002711
Li Shuang and willJ with Vulnerability Research Institute
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
<p>Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>What actions does a valid user have to take to be protected against this vulnerability?</strong></p>
<p>Update the image to the latest tag. User data and setting will not be affected by upgrading to the latest tag.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by bypassing authentication/authorization to access files located one directory above the intended file upload path.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially download the content of parent folder of the mounted path.</p>
Azure
Microsoft
Yes
CVE-2025-30387
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
16741
Elevation of Privilege
16741
Important
16741
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16741
Release Notes
https://mcr.microsoft.com/en-us/artifact/mar/azure-cognitive-services/form-recognizer/studio/tags
16741
Maybe
Security Update
1.0.03019.1-official-7241c17a
https://learn.microsoft.com/en-us/azure/ai-services/document-intelligence/whats-new?view=doc-intel-4.0.0
16741
Release Notes
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
<p>Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Secure Kernel Mode
Microsoft
Yes
CVE-2025-27468
Improper Privilege Management
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
11924
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Naceri with MSRC Vulnerabilities & Mitigations
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-30393
Use After Free
11762
11763
11951
11952
11953
12420
12421
12440
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Li Shuang and willJ with Vulnerability Research Institute
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Dataverse Elevation of Privilege Vulnerability
<p>Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>What actions do I need to take to be protected from this vulnerability</strong></p>
<p>Customers who do not wish to wait for the PDU can update Dataverse by doing the following:</p>
<ol>
<li>Open <strong>Resource Scheduling Optimization</strong> and select <strong>Upgrade to new version</strong>.</li>
<li>Select version 1406 from the <strong>Select target version</strong> list.</li>
</ol>
Microsoft Dataverse
Microsoft
Yes
CVE-2025-29826
Improper Handling of Insufficient Permissions or Privileges
12338
Elevation of Privilege
12338
Important
12338
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.3
6.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12338
Release Notes
https://learn.microsoft.com/en-us/dynamics365/released-versions/Microsoft-Dataverse
12338
Maybe
Security Update
3.4.0.1406
https://learn.microsoft.com/en-us/dynamics365/field-service/field-service-version-history-resource-scheduling-optimization#3401406
12338
Release Notes
Prasanna Kudli
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
<p>Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Remote Desktop Gateway Service
Microsoft
Yes
CVE-2025-30394
Sensitive Data Storage in Improperly Locked Memory
11571
11572
11923
11924
12437
12244
12436
10816
10855
10378
10379
10483
10543
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12437
Denial of Service
12244
Denial of Service
12436
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12436
5058497
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10816
10855
5058383
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
ʌ!ɔ⊥ojv with Kunlun Lab
SmallerDragon
Anonymous working with Trend Zero Day Initiative
1.0
2025-05-13T07:00:00
<p>Information published.</p>
1.1
2025-06-03T07:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Microsoft DWM Core Library Elevation of Privilege Vulnerability
<p>Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM
Microsoft
Yes
CVE-2025-30400
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
Microsoft Threat Intelligence Center
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2025-32701
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Microsoft Threat Intelligence Center
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Visual Studio Information Disclosure Vulnerability
<p>Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p>
Visual Studio
Microsoft
Yes
CVE-2025-32703
Insufficient Granularity of Access Control
Exposure of Sensitive Information to an Unauthorized Actor
11600
11935
12459
12506
12271
12322
Information Disclosure
11600
Information Disclosure
11935
Information Disclosure
12459
Information Disclosure
12506
Information Disclosure
12271
Information Disclosure
12322
Important
11600
Important
11935
Important
12459
Important
12506
Important
12271
Important
12322
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11600
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11935
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12459
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12506
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12271
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12322
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
15.9.73
https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes
11600
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.47
https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11
11935
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.8
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13
12506
Maybe
Security Update
17.13.7
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12506
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.21
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.14
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2025-32706
Improper Input Validation
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
CrowdStrike Advanced Research Team
Benoit Sevens of Google Threat Intelligence Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Visual Studio Code Security Feature Bypass Vulnerability
<p>Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass the Trusted Domain Service.</p>
Visual Studio Code
Microsoft
Yes
CVE-2025-21264
Files or Directories Accessible to External Parties
11622
16782
Security Feature Bypass
11622
Security Feature Bypass
16782
Important
11622
Important
16782
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
11622
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
16782
Release Notes
https://code.visualstudio.com/download
11622
Maybe
Security Update
1.100.1
https://code.visualstudio.com/updates/v1_100
11622
Release Notes
Release Notes
https://code.visualstudio.com/Download
16782
Maybe
Security Update
0.27.2
https://github.com/microsoft/vscode/
16782
Release Notes
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-06-17T07:00:00
<p>In the Security Updates Table, added Microsoft Visual Studio CoPilot Chat Extension as it is also affected by this vulnerability. Microsoft recommends that customers install the update to be fully protected from the vulnerability.</p>
Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
<p>Improper access control in Azure allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure
Microsoft
No
CVE-2025-33072
Improper Access Control
16744
Information Disclosure
16744
Critical
16744
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
16744
<a href="https://www.linkedin.com/in/a-zaiter/">Abdulrahman Zaiter</a>
1.0
2025-05-08T07:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>I am running Windows Server 2008 or Windows Server 2008 R2. How do I protect my system from this vulnerability?</strong></p>
<p>The protections for this vulnerability are not included in the following May 2025 monthly rollup or security-only updates released on May 13, 2025:</p>
<ul>
<li>Windows Server 2008 R2: KB5058454 (Security-only update)</li>
<li>Windows Server 2008 R2: KB5058430 (Monthly Rollup)</li>
<li>Windows Server 2008: KB5058429 (Security-only update)</li>
<li>Windows Server 2008: KB5058449 (Monthly Rollup)</li>
</ul>
<p>Instead, customers running these versions of Windows Server need to install the following Out-of-Band (OOB) updates, released also on May 13, 2025, as applicable:</p>
<ul>
<li>Windows Server 2008 R2: KB5061195 (Security-only update)</li>
<li>Windows Server 2008 R2: KB5061196 (Monthly Rollup)</li>
<li>Windows Server 2008: KB5061197 (Security-only update)</li>
<li>Windows Server 2008: KB5061198 (Monthly Rollup)</li>
</ul>
<p><strong>Note</strong> These OOB updates are cumulative, so if you haven't already installed the May 2025 monthly rollup or security-only updates, you can install the applicable OOB update directly. If you have already installed the May 2025 monthly rollup or security-only updates, you need to also install the OOB updates to be protected from this vulnerability.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2025-32709
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5061198
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061198
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23317
https://support.microsoft.com/help/5061198
9312
10287
9318
9344
5061198
5061197
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061197
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23317
https://support.microsoft.com/help/5061197
9312
10287
9318
9344
5061197
5061196
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061196
10051
10049
Yes
Monthly Rollup
6.1.7601.27730
https://support.microsoft.com/help/5061196
10051
10049
5061196
5061195
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061195
10051
10049
Yes
Security Update
6.1.7601.27730
10051
10049
5061195
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
2.0
2025-05-15T07:00:00
<p>In the Security Updates table, added all supported editions of Windows Server 2008 and Windows Server 2008 R2 as they are affected by this vulnerability. Customers running these versions of Windows Server please note that to be protected from this vulnerability you need to install the out-of-band updates as follows:</p>
<ul>
<li>Windows Server 2008 R2: KB5061195 (Security-only update)</li>
<li>Windows Server 2008 R2: KB5061196 (Monthly Rollup)</li>
<li>Windows Server 2008: KB5061197 (Security-only update)</li>
<li>Windows Server 2008: KB5061198 (Monthly Rollup)</li>
</ul>
<p>Please see the Security Updates table and FAQs section for more information.</p>
Chromium: CVE-2025-5066 Inappropriate implementation in Messages
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5066
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T19:06:23
<p>Information published.</p>
Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5067
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:16
<p>Information published.</p>
Chromium: CVE-2025-5283 Use after free in libvpx
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5283
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:14
<p>Information published.</p>
Chromium: CVE-2025-5281 Inappropriate implementation in BFCache
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5281
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:12
<p>Information published.</p>
Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5065
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:09
<p>Information published.</p>
Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5064
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:07
<p>Information published.</p>
Chromium: CVE-2025-5280 Out of bounds write in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5280
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:05
<p>Information published.</p>
Chromium: CVE-2025-5063 Use after free in Compositing
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>137.0.3296.52</td>
<td>5/29/2025</td>
<td>137.0.7151.55/.56</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-5063
11655
11655
11655
Release Notes
11655
No
Security Update
137.0.3296.52
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-29T18:55:01
<p>Information published.</p>
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
<p>Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.</p>
Remote Desktop Gateway Service
Microsoft
Yes
CVE-2025-26677
Uncontrolled Resource Consumption
11571
11572
11923
11924
12437
12244
12436
10816
10855
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12437
Denial of Service
12244
Denial of Service
12436
Denial of Service
10816
Denial of Service
10855
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12436
5058497
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10816
10855
5058383
ʌ!ɔ⊥ojv with Kunlun Lab
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
<p>Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Hardware Lab Kit
Microsoft
Yes
CVE-2025-27488
Use of Hard-coded Credentials
16752
16753
16756
16759
16751
16754
16760
16757
16758
16761
16755
Elevation of Privilege
16752
Elevation of Privilege
16753
Elevation of Privilege
16756
Elevation of Privilege
16759
Elevation of Privilege
16751
Elevation of Privilege
16754
Elevation of Privilege
16760
Elevation of Privilege
16757
Elevation of Privilege
16758
Elevation of Privilege
16761
Elevation of Privilege
16755
Important
16752
Important
16753
Important
16756
Important
16759
Important
16751
Important
16754
Important
16760
Important
16757
Important
16758
Important
16761
Important
16755
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16752
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16753
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16756
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16759
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16751
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16754
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16760
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16757
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16758
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16761
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16755
Release Notes
https://go.microsoft.com/fwlink/?linkid=2320012
16752
16753
Maybe
Security Update
10.1.26100.3478
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/what-s-new-in-the-hardware-lab-kit#whats-new-in-previous-releases
16752
16753
Release Notes
Release Notes
https://go.microsoft.com/fwlink/?linkid=2319329
16756
16755
Maybe
Security Update
10.1.17763.7010
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/what-s-new-in-the-hardware-lab-kit#whats-new-in-previous-releases
16756
16755
Release Notes
Release Notes
https://go.microsoft.com/fwlink/?linkid=2320002
16759
16760
16757
16758
16761
Maybe
Security Update
10.1.19041.5609
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/what-s-new-in-the-hardware-lab-kit#whats-new-in-previous-releases
16759
16760
16757
16758
16761
Release Notes
Release Notes
https://go.microsoft.com/fwlink/?linkid=2320114
16751
Maybe
Security Update
10.1.22621.5040
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/what-s-new-in-the-hardware-lab-kit#whats-new-in-previous-releases
16751
Release Notes
Release Notes
https://go.microsoft.com/fwlink/?linkid=2320003
16754
Maybe
Security Update
10.1.20348.3330
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/what-s-new-in-the-hardware-lab-kit#whats-new-in-previous-releases
16754
Release Notes
Microsoft
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Defender for Identity Spoofing Vulnerability
<p>Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.</p>
<p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p>
<p>No admin action is required. Customers that have NTLM completely disabled in their environment and would like to keep the feature working, should open a support case requesting to reenable the feature. For more information, please see this article: <a href="https://learn.microsoft.com/en-us/defender-for-identity/deploy/remote-calls-sam">https://learn.microsoft.com/en-us/defender-for-identity/deploy/remote-calls-sam</a></p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p>
Microsoft Defender for Identity
Microsoft
Yes
CVE-2025-26685
Improper Authentication
12512
Spoofing
12512
Important
12512
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12512
<a href="https://linkedin.com/in/joshua-murrell-io">Joshua Murrell</a> with <a href="https://www.netspi.com/">NetSPI</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
<p>Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p>
Windows Trusted Runtime Interface Driver
Microsoft
Yes
CVE-2025-29829
Use of Uninitialized Resource
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
11924
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29830
Use of Uninitialized Resource
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
11924
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Remote Desktop Services Remote Code Execution Vulnerability
<p>Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires an admin user to stop or restart the service.</p>
Remote Desktop Gateway Service
Microsoft
Yes
CVE-2025-29831
Use After Free
11571
11572
11923
11924
12437
12244
12436
10816
10855
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12436
5058497
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10816
10855
5058383
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
ʌ!ɔ⊥ojv with Kunlun Lab
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29832
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
<p>Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Virtual Machine Bus
Microsoft
Yes
CVE-2025-29833
Time-of-check Time-of-use (TOCTOU) Race Condition
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
11924
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Chief Banana
1.1
2025-05-14T07:00:00
<p>Added an FAQ and updated the CVSS score. This is an informational change only.</p>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Remote Access Connection Manager Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29835
Out-of-bounds Read
NULL Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>An unauthorized attacker must wait for a user to initiate a connection.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29836
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Microsoft Offensive Research & Security Engineering
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Installer Information Disclosure Vulnerability
<p>Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Installer
Microsoft
Yes
CVE-2025-29837
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Simon Zuckerbraun of Trend Zero Day Initiative
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows ExecutionContext Driver Elevation of Privilege Vulnerability
<p>Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires a mappable null page.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Drivers
Microsoft
Yes
CVE-2025-29838
NULL Pointer Dereference
12437
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a>
<a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows File Server
Microsoft
Yes
CVE-2025-29839
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11568
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11569
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11571
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11572
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11923
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11924
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11929
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11930
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11931
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12085
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12086
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12097
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12098
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12099
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12437
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12242
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12243
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12244
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12389
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12390
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12436
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10729
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10735
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10852
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10853
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10816
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10855
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9312
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10287
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9318
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9344
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10051
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10049
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10378
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10379
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10483
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Media Remote Code Execution Vulnerability
<p>Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.</p>
Windows Media
Microsoft
Yes
CVE-2025-29840
Stack-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
Dan Mattson with Microsoft
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Universal Print Management Service Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Universal Print Management Service
Microsoft
Yes
CVE-2025-29841
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
<a href="https://x.com/ro_ll_ing">Byunghyun Kang</a> with <a href="https://home.sejong.ac.kr/~cedpt/">Sejong University</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
UrlMon Security Feature Bypass Vulnerability
<p>Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted Word file.</p>
<p>In an email attack scenario, an attacker could exploit the vulnerability by sending a link to the specially crafted Word file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message.</p>
UrlMon
Microsoft
Yes
CVE-2025-29842
Acceptance of Extraneous Untrusted Data With Trusted Data
12098
11924
12244
12389
12390
11571
12436
11931
12243
12099
10853
10852
10729
11923
10735
12085
10816
12097
11929
10855
11572
11568
12437
12242
12086
11930
11569
Security Feature Bypass
12098
Security Feature Bypass
11924
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
11571
Security Feature Bypass
12436
Security Feature Bypass
11931
Security Feature Bypass
12243
Security Feature Bypass
12099
Security Feature Bypass
10853
Security Feature Bypass
10852
Security Feature Bypass
10729
Security Feature Bypass
11923
Security Feature Bypass
10735
Security Feature Bypass
12085
Security Feature Bypass
10816
Security Feature Bypass
12097
Security Feature Bypass
11929
Security Feature Bypass
10855
Security Feature Bypass
11572
Security Feature Bypass
11568
Security Feature Bypass
12437
Security Feature Bypass
12242
Security Feature Bypass
12086
Security Feature Bypass
11930
Security Feature Bypass
11569
Important
12098
Important
11924
Important
12244
Important
12389
Important
12390
Important
11571
Important
12436
Important
11931
Important
12243
Important
12099
Important
10853
Important
10852
Important
10729
Important
11923
Important
10735
Important
12085
Important
10816
Important
12097
Important
11929
Important
10855
Important
11572
Important
11568
Important
12437
Important
12242
Important
12086
Important
11930
Important
11569
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12098
12099
12097
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12098
12099
12097
5058379
5058379
https://support.microsoft.com/help/5058379
12098
11931
12099
12097
11929
11930
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11924
11923
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11924
11923
5058385
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12389
12390
12436
12437
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12389
12390
12436
12437
5058411
5058411
https://support.microsoft.com/help/5058411
12389
12390
12436
12437
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12389
12390
12436
12437
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12389
12390
12436
12437
5058497
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11571
11572
11568
11569
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11571
11572
11568
11569
5058392
5058392
https://support.microsoft.com/help/5058392
11571
11572
11568
11569
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11931
11929
11930
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11931
11929
11930
5058379
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12243
12242
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12243
12242
5058405
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10853
10852
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10853
10852
10816
10855
5058383
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
Felix Boulet
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
<p>Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p>
<p><strong>Are there additional actions I need to take to harden my system against unauthenticated RPC calls?</strong></p>
<p>Possibly. Refer to <a href="https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68">KB5066014—Netlogon RPC Hardening (CVE-2025-49716) - Microsoft Support</a> for additional follow-up actions you might need to take.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2025-29954
Uncontrolled Resource Consumption
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Dan Reynolds
<a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a>
1.1
2025-08-07T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
1.2
2025-09-09T07:00:00
<p>Added an FAQ to provide a link to <a href="https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68">KB5066014—Netlogon RPC Hardening (CVE-2025-49716) - Microsoft Support</a>. The article provides further guidance for hardening systems against unauthenticated RPC calls. This is an informational change only.</p>
Windows Hyper-V Denial of Service Vulnerability
<p>Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.</p>
Role: Windows Hyper-V
Microsoft
Yes
CVE-2025-29955
Improper Input Validation
12437
12244
12390
12436
Denial of Service
12437
Denial of Service
12244
Denial of Service
12390
Denial of Service
12436
Important
12437
Important
12244
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12390
12436
5058497
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
MORSE with <a href="https://microsoft.com/">Microsoft</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows SMB Information Disclosure Vulnerability
<p>Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attack requires to trick a user to open an SMB share folder that is hosted on the attacker-controlled system. Windows Explorer has to automatically register for directory change notification after opening the share folder.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To successfully exploit the vulnerability, an attacker would need to direct a user to connect to the malicious SMB server to retrieve some data as part of an OS API call.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>For this vulnerability, it is out of attacker's control to trigger the OOB read buffer to be sent back to the attacker-controlled system.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), no loss of integrity (I:N), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>There is a high likelihood that the Out-Of-Bounds (OOB) read data results in a crash in Windows Explorer. Every time the SMB client sends the OOB read data to the remote SMB server and a crash does not occur, it would contain several bytes of random user mode heap memory.</p>
Windows SMB
Microsoft
Yes
CVE-2025-29956
Buffer Over-read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11568
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11569
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11571
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11572
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11923
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11924
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11929
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11930
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11931
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12085
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12086
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12097
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12098
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12099
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12437
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12242
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12243
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12244
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12389
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12390
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
12436
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10729
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10735
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10852
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10853
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10816
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10855
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
9312
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10287
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
9318
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
9344
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10051
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10049
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10378
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10379
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10483
5.4
4.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Genghis Karimov with Microsoft High Availability Storage Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Deployment Services Denial of Service Vulnerability
<p>Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.</p>
Windows Deployment Services
Microsoft
Yes
CVE-2025-29957
Uncontrolled Resource Consumption
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
R4nger & Zhiniang Peng
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29958
Use of Uninitialized Resource
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-29961
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Media Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.</p>
Windows Media
Microsoft
Yes
CVE-2025-29962
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Media Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.</p>
Windows Media
Microsoft
Yes
CVE-2025-29963
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Kernel Information Disclosure Vulnerability
<p>Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p>
Windows Kernel
Microsoft
Yes
CVE-2025-29974
Integer Underflow (Wrap or Wraparound)
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.7
5.0
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Anonymous
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2025-30385
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
<a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
<a href="https://linkedin.com/in/dr-sr">Dan Reynolds</a> with MSRC Vulnerabilities & Mitigations
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Windows Graphics Component Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p>
<p>Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2025-30388
Heap-based Buffer Overflow
11951
12155
12156
12440
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11951
Remote Code Execution
12155
Remote Code Execution
12156
Remote Code Execution
12440
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11951
Important
12155
Important
12156
Important
12440
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12156
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.97.25042725
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.18827.20000
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
Release Notes
https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f
12156
Maybe
Security Update
16.0.14326.22502
https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f
12156
Release Notes
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
<a href="https://x.com/gaborseljan">Gábor Selján</a> with <a href="https://checkpoint.com/">Check Point</a>
2.0
2025-05-14T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Scripting Engine Memory Corruption Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p>
<p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p>
<p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p>
Microsoft Scripting Engine
Microsoft
Yes
CVE-2025-30397
Access of Resource Using Incompatible Type ('Type Confusion')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.5
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058380
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058380
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Yes
IE Cumulative
1.003
https://support.microsoft.com/en-us/help/5058380
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
5058380
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
Microsoft Threat Intelligence Center
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Visual Studio Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Visual Studio
Microsoft
Yes
CVE-2025-32702
Improper Neutralization of Special Elements used in a Command ('Command Injection')
11935
12459
12506
12271
12322
Remote Code Execution
11935
Remote Code Execution
12459
Remote Code Execution
12506
Remote Code Execution
12271
Remote Code Execution
12322
Important
11935
Important
12459
Important
12506
Important
12271
Important
12322
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11935
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12506
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.47
https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11
11935
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.8
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13
12506
Maybe
Security Update
17.13.7
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12506
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.21
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.14
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-32704
Buffer Over-read
11573
11574
11762
11763
11952
11953
12420
12421
10739
10740
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
10739
Remote Code Execution
10740
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002695
5002179
10739
10740
Maybe
Security Update
16.0.5500.1001
https://support.microsoft.com/kb/5002695
10739
10740
5002695
f4
<a href="https://twitter.com/jq0904">Quan Jin</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Microsoft Outlook Remote Code Execution Vulnerability
<p>Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
</ul>
Microsoft Office Outlook
Microsoft
Yes
CVE-2025-32705
Out-of-bounds Read
11762
11763
11952
11953
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
NTFS Elevation of Privilege Vulnerability
<p>Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p>
<p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows NTFS
Microsoft
Yes
CVE-2025-32707
Out-of-bounds Read
11568
11569
11571
11572
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
<a href="https://infosec.exchange/@wdormann">Will Dormann</a> with <a href="https://vu.ls/">Vul Labs</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Azure Storage Resource Provider Spoofing Vulnerability
<p>Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Storage Resource Provider
Microsoft
No
CVE-2025-29972
Server-Side Request Forgery (SSRF)
16750
Spoofing
16750
Critical
16750
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.9
8.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
16750
<a href="https://x.com/g1nd1l4">G1ND1L4</a> with Microsoft
Stav Nir with Microsoft
1.0
2025-05-08T07:00:00
<p>Information published.</p>
Azure Automation Elevation of Privilege Vulnerability
<p>Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Automation
Microsoft
No
CVE-2025-29827
Improper Authorization
11656
Elevation of Privilege
11656
Critical
11656
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.9
8.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C
11656
Shay Shavit
1.0
2025-05-08T07:00:00
<p>Information published.</p>
Azure DevOps Elevation of Privilege Vulnerability
<p>Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure DevOps
Microsoft
No
CVE-2025-29813
Authentication Bypass by Assumed-Immutable Data
11998
Elevation of Privilege
11998
Critical
11998
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
9.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11998
Cameron Vincent with Microsoft
1.0
2025-05-08T07:00:00
<p>Information published.</p>
Microsoft Power Apps Information Disclosure Vulnerability
<p>Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Power Apps
Microsoft
No
CVE-2025-47733
Server-Side Request Forgery (SSRF)
12497
Information Disclosure
12497
Critical
12497
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.1
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12497
<a href="https://twitter.com/stargravy">Evan Grant</a>
1.0
2025-05-08T07:00:00
<p>Information published.</p>
Microsoft Dataverse Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Dataverse
Microsoft
No
CVE-2025-47732
Deserialization of Untrusted Data
12338
Remote Code Execution
12338
Critical
12338
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.7
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
12338
<a href="https://nl.linkedin.com/in/erik-donker-50a887bb">Erik Donker</a> with Microsoft
1.0
2025-05-08T07:00:00
<p>Information published.</p>
Chromium: CVE-2025-4372 Use after free in WebAudio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.64</td>
<td>5/8/2025</td>
<td>136.0.7103.93</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4372
11655
11655
11655
Release Notes
11655
No
Security Update
v136.0.3240.64
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-08T23:20:05
<p>Information published.</p>
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
<p>Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How can I verify that the update is installed?</strong></p>
<p>Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present warning (ID 121036) indicating an issue and providing additional online guidance or callout to reach out to Microsoft support if issue persists.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Defender for Endpoint
Microsoft
Yes
CVE-2025-47161
Improper Access Control
12015
Elevation of Privilege
12015
Important
12015
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12015
Release Notes
https://learn.microsoft.com/en-us/defender-endpoint/linux-whatsnew#releases-for-defender-for-endpoint-on-linux
12015
No
Security Update
101.25022.0002
https://learn.microsoft.com/en-us/defender-endpoint/linux-whatsnew#releases-for-defender-for-endpoint-on-linux
12015
Release Notes
Rich Mirch with <a href="https://www.stratascale.com/">Stratascale Cyber Research Unit</a>
1.0
2025-05-15T07:00:00
<p>Information published.</p>
1.1
2025-07-08T07:00:00
<p>Updated links to security updates. This is an informational change only.</p>
Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.76</td>
<td>5/15/2025</td>
<td>136.0.7103.113</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4609
11655
11655
11655
Release Notes
11655
No
Security Update
136.0.3240.76
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-15T17:20:53
<p>Information published.</p>
Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.76</td>
<td>5/15/2025</td>
<td>136.0.7103.113</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4664
11655
11655
11655
Release Notes
11655
No
Security Update
136.0.3240.76
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-05-15T17:20:49
<p>Information published.</p>
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p>
<p>The attacker would have to be an authenticated user logged on to the vulnerable system to be able to exploit this vulnerability.</p>
Windows Kernel
Microsoft
Yes
CVE-2025-24063
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5058392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392
5055519
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7314
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058392
5058392
https://support.microsoft.com/help/5058392
11568
11569
11571
11572
5058385
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385
5055526
11923
11924
Yes
Security Update
10.0.20348.3692
https://support.microsoft.com/help/5058385
11923
11924
5058385
5058500
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3630
https://support.microsoft.com/help/5058500
11923
5058500
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
11929
11930
11931
Yes
Security Update
10.0.19044.5854
https://support.microsoft.com/help/5058379
11929
11930
11931
5058379
5058379
https://support.microsoft.com/help/5058379
11929
11930
11931
12097
12098
12099
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12085
12086
Yes
Security Update
10.0.22621.5335
https://support.microsoft.com/help/5058405
12085
12086
5058405
5058379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379
5055518
12097
12098
12099
Yes
Security Update
10.0.19045.5854
https://support.microsoft.com/help/5058379
12097
12098
12099
5058379
5058411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
5055523
12437
12389
12390
12436
Yes
Security Update
10.0.26100.4061
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058411
5058411
https://support.microsoft.com/help/5058411
12437
12389
12390
12436
5058497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3981
https://support.microsoft.com/help/5058497
12437
12389
12390
12436
5058497
5058405
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
5055528
12242
12243
Yes
Security Update
10.0.22631.5335
https://support.microsoft.com/help/5058405
12242
12243
5058405
5058384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384
5055527
12244
Yes
Security Update
10.0.25398.1611
https://support.microsoft.com/help/5058384
12244
5058384
5058387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387
5055547
10729
10735
Yes
Security Update
10.0.10240.21014
https://support.microsoft.com/help/5058387
10729
10735
5058387
5058383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383
5055521
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8066
https://support.microsoft.com/help/5058383
10852
10853
10816
10855
5058383
5058449
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449
5055609
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23279
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058449
5058449
https://support.microsoft.com/help/5058449
9312
10287
9318
9344
5058429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23279
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058429
5058429
https://support.microsoft.com/help/5058429
9312
10287
9318
9344
5058430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430
5055561
10051
10049
Yes
Monthly Rollup
6.1.7601.27729
https://support.microsoft.com/help/5058430
10051
10049
5058430
5058454
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454
10051
10049
Yes
Security Only
6.1.7601.27729
https://support.microsoft.com/help/5058454
10051
10049
5058454
5058451
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451
5055581
10378
10379
Yes
Monthly Rollup
6.2.9200.25475
https://support.microsoft.com/help/5058451
10378
10379
5058451
5058403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403
5055557
10483
10543
Yes
Monthly Rollup
6.3.9600.22577
https://support.microsoft.com/help/5058403
10483
10543
5058403
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-05-13T07:00:00
<p>Information published.</p>
Chromium: CVE-2025-4051 Insufficient data validation in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.50</td>
<td>5/1/2025</td>
<td>136.0.7103.49</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4051
11655
11655
11655
Release Notes
11655
No
Security Update
136.0.3240.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.1
2025-05-09T07:00:00
<p>Corrected CVE title. This is an informational change only.</p>
1.0
2025-05-01T22:16:00
<p>Information published.</p>
Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>136.0.3240.50</td>
<td>5/1/2025</td>
<td>136.0.7103.49</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-4052
11655
11655
11655
Release Notes
11655
No
Security Update
136.0.3240.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.1
2025-05-09T07:00:00
<p>Corrected CVE title. This is an informational change only.</p>
1.0
2025-05-01T22:16:02
<p>Information published.</p>