November 2025 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2025-Nov
2025-Nov
Final
1.0
366
2026-03-31T15:13:57
November 2025 Security Updates
2025-11-11T00:00:00
2026-03-31T15:13:57
<h2 id="this-release-consists-of-the-following-63-microsoft-cves">This release consists of the following 63 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Nuance PowerScribe</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30398">CVE-2025-30398</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Configuration Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47179">CVE-2025-47179</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59240">CVE-2025-59240</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>SQL Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59499">CVE-2025-59499</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Monitor Agent</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59504">CVE-2025-59504</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Smart Card</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59505">CVE-2025-59505</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DirectX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59506">CVE-2025-59506</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Speech</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59507">CVE-2025-59507</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Speech</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59508">CVE-2025-59508</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Speech</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59509">CVE-2025-59509</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59510">CVE-2025-59510</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows WLAN Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59511">CVE-2025-59511</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Customer Experience Improvement Program (CEIP)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59512">CVE-2025-59512</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Bluetooth RFCOM Protocol Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59513">CVE-2025-59513</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Streaming Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59514">CVE-2025-59514</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Broadcast DVR User Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59515">CVE-2025-59515</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60703">CVE-2025-60703</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kerberos</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60704">CVE-2025-60704</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Client-Side Caching (CSC) Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60705">CVE-2025-60705</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Role: Windows Hyper-V</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60706">CVE-2025-60706</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Multimedia Class Scheduler Service (MMCSS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60707">CVE-2025-60707</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Storvsp.sys Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60708">CVE-2025-60708</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60709">CVE-2025-60709</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Host Process for Windows Tasks</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60710">CVE-2025-60710</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60713">CVE-2025-60713</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows OLE</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60714">CVE-2025-60714</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60715">CVE-2025-60715</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DirectX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60716">CVE-2025-60716</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Broadcast DVR User Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60717">CVE-2025-60717</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Administrator Protection</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60718">CVE-2025-60718</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60719">CVE-2025-60719</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TDX.sys</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60720">CVE-2025-60720</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Administrator Protection</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60721">CVE-2025-60721</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>OneDrive for Android</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60722">CVE-2025-60722</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DirectX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60723">CVE-2025-60723</a></td>
<td>6.3</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Graphics Component</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60724">CVE-2025-60724</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60726">CVE-2025-60726</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60727">CVE-2025-60727</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60728">CVE-2025-60728</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62199">CVE-2025-62199</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62200">CVE-2025-62200</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62201">CVE-2025-62201</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62202">CVE-2025-62202</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62203">CVE-2025-62203</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62204">CVE-2025-62204</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62205">CVE-2025-62205</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dynamics 365 (on-premises)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62206">CVE-2025-62206</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows License Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62208">CVE-2025-62208</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows License Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62209">CVE-2025-62209</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Dynamics 365 Field Service (online)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62210">CVE-2025-62210</a></td>
<td>8.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Dynamics 365 Field Service (online)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62211">CVE-2025-62211</a></td>
<td>8.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62213">CVE-2025-62213</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62214">CVE-2025-62214</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215">CVE-2025-62215</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62216">CVE-2025-62216</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62217">CVE-2025-62217</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Wireless Provisioning System</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62218">CVE-2025-62218</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Wireless Provisioning System</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62219">CVE-2025-62219</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Subsystem for Linux GUI</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62220">CVE-2025-62220</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code CoPilot Chat Extension</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62222">CVE-2025-62222</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code CoPilot Chat Extension</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62449">CVE-2025-62449</a></td>
<td>6.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62452">CVE-2025-62452</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>GitHub Copilot and Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62453">CVE-2025-62453</a></td>
<td>5.0</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-5-non-microsoft-cves">We are republishing 5 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12725">CVE-2025-12725</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12726">CVE-2025-12726</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12727">CVE-2025-12727</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12728">CVE-2025-12728</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12729">CVE-2025-12729</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>October 31, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td>
</tr>
<tr>
<td>October 28, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td>
</tr>
<tr>
<td>October 22, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td>
</tr>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Product</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5068779">5068779</a></td>
<td>Windows Server 2022, 23H2 Edition (Server Core installation)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5068787">5068787</a></td>
<td>Windows Server 2022</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5068840">5068840</a></td>
<td>Windows Server 2022 Hotpatch</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5068906">5068906</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5068966">5068966</a></td>
<td>Windows Server 2025 Hotpatch</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/topic/24e553d1-2338-433e-9cc3-61733148530c">5071726</a></td>
<td>Windows Server 2025</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002800">5002800</a></td>
<td>SharePoint Server Subscription Edition</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002803">5002803</a></td>
<td>SharePoint Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002805">5002805</a></td>
<td>SharePoint Server 2016</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Azure App Gateway
Azure Monitor
Azure Bastion Developer
Azure Monitor Control Service
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft 365 Defender Portal
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Office Online Server
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2024
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office for Android
OneDrive for Android
Microsoft SharePoint Online
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Dynamics 365 (on-premises) version 9.1
Dynamics 365 Field Service (online)
Dynamics OmniChannel SDK Storage Containers
Windows Subsystem for Linux GUI
azl3 libarchive 3.7.7-3 on Azure Linux 3.0
cbl2 libarchive 3.6.1-7 on CBL Mariner 2.0
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
cbl2 rust 1.72.0-11 on CBL Mariner 2.0
azl3 rust 1.75.0-21 on Azure Linux 3.0
azl3 rust 1.86.0-9 on Azure Linux 3.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
cbl2 moby-containerd 1.6.26-12 on CBL Mariner 2.0
azl3 containerd2 2.0.0-14 on Azure Linux 3.0
cbl2 moby-containerd-cc 1.7.7-12 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-9 on CBL Mariner 2.0
azl3 libxml2 2.11.5-7 on Azure Linux 3.0
azl3 nghttp2 1.61.0-2 on Azure Linux 3.0
cbl2 nghttp2 1.57.0-2 on CBL Mariner 2.0
azl3 libmicrohttpd 0.9.77-3 on Azure Linux 3.0
azl3 autogen 5.18.16-9 on Azure Linux 3.0
azl3 postgresql 16.10-1 on Azure Linux 3.0
cbl2 postgresql 14.19-1 on CBL Mariner 2.0
cbl2 moby-compose 2.17.3-11 on CBL Mariner 2.0
cbl2 packer 1.9.5-15 on CBL Mariner 2.0
azl3 kubevirt 1.5.0-5 on Azure Linux 3.0
azl3 packer 1.9.5-10 on Azure Linux 3.0
azl3 docker-buildx 0.14.0-7 on Azure Linux 3.0
cbl2 grub2 2.06-15 on CBL Mariner 2.0
azl3 grub2 2.06-25 on Azure Linux 3.0
Microsoft Edge (Chromium-based)
Microsoft Configuration Manager 2403
Microsoft Configuration Manager 2503
Microsoft Configuration Manager 2409
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 32)
Microsoft SQL Server 2022 for x64-based Systems (CU 21)
Microsoft Visual Studio 2022 version 17.14
Microsoft Visual Studio Code CoPilot Chat Extension
Visual Studio Code
Nuance PowerScribe 360 version 4.0.5
Nuance PowerScribe 360 version 4.0.8
Nuance PowerScribe 360 version 4.0.9
Nuance PowerScribe 360 version 4.0.6
Nuance PowerScribe 360 version 4.0.7
Nuance PowerScribe One version 2019.3
Nuance PowerScribe One version 2019.2
Nuance PowerScribe One version 2019.1
Nuance PowerScribe 360 version 4.0.1
Nuance PowerScribe 360 version 4.0.2
Nuance PowerScribe 360 version 4.0.3
Nuance PowerScribe 360 version 4.0.4
Nuance PowerScribe One version 2019.5
Nuance PowerScribe One version 2019.4
Nuance PowerScribe One version 2019.6
Nuance PowerScribe One version 2019.8
Nuance PowerScribe One version 2019.7
Nuance PowerScribe One version 2019.9
Nuance PowerScribe One version 2019.10
PowerScribe One version 2023.1 SP2 Patch 7
azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0
azl3 docker-compose 2.27.0-5 on Azure Linux 3.0
azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
azl3 telegraf 1.31.0-10 on Azure Linux 3.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Server 2019
Visual Studio Code
Microsoft Edge (Chromium-based)
OneDrive for Android
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Azure App Gateway
Microsoft Dynamics 365 (on-premises) version 9.1
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Azure Monitor
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft Office for Android
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Microsoft Configuration Manager 2403
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Microsoft Visual Studio 2022 version 17.14
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft SQL Server 2019 for x64-based Systems (CU 32)
Microsoft Configuration Manager 2503
Azure Bastion Developer
azl3 syslinux 6.04-11 on Azure Linux 3.0
cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0
cbl2 rsync 3.4.1-1 on CBL Mariner 2.0
cbl2 haproxy 2.4.24-1 on CBL Mariner 2.0
azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0
azl3 rsync 3.4.1-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
cbl2 syslinux 6.04-10 on CBL Mariner 2.0
cbl2 libpng 1.6.39-1 on CBL Mariner 2.0
azl3 mariadb 10.11.11-1 on Azure Linux 3.0
azl3 docker-compose 2.27.0-5 on Azure Linux 3.0
azl3 telegraf 1.31.0-10 on Azure Linux 3.0
azl3 haproxy 2.9.11-3 on Azure Linux 3.0
azl3 qtbase 6.6.3-4 on Azure Linux 3.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
cbl2 nghttp2 1.57.0-2 on CBL Mariner 2.0
azl3 libvirt 10.0.0-5 on Azure Linux 3.0
cbl2 libvirt 7.10.0-10 on CBL Mariner 2.0
azl3 nodejs 20.14.0-9 on Azure Linux 3.0
cbl2 mariadb 10.6.21-1 on CBL Mariner 2.0
cbl2 busybox 1.35.0-14 on CBL Mariner 2.0
cbl2 reaper 3.1.1-19 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-18 on CBL Mariner 2.0
azl3 nghttp2 1.61.0-2 on Azure Linux 3.0
cbl2 kubernetes 1.28.4-19 on CBL Mariner 2.0
cbl2 glib 2.71.0-7 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-9 on CBL Mariner 2.0
cbl2 edk2 20230301gitf80f052277c8-43 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-14 on CBL Mariner 2.0
cbl2 nvidia-container-toolkit 1.17.8-3 on CBL Mariner 2.0
cbl2 libarchive 3.6.1-7 on CBL Mariner 2.0
cbl2 kubevirt 0.59.0-30 on CBL Mariner 2.0
azl3 libarchive 3.7.7-3 on Azure Linux 3.0
azl3 nvidia-container-toolkit 1.17.8-2 on Azure Linux 3.0
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Microsoft SharePoint Online
Microsoft SQL Server 2022 for x64-based Systems (CU 21)
cbl2 grub2 2.06-15 on CBL Mariner 2.0
cbl2 fluent-bit 3.0.6-4 on CBL Mariner 2.0
cbl2 cmake 3.21.4-19 on CBL Mariner 2.0
cbl2 packer 1.9.5-15 on CBL Mariner 2.0
cbl2 curl 8.8.0-7 on CBL Mariner 2.0
cbl2 expat 2.6.4-2 on CBL Mariner 2.0
Microsoft Configuration Manager 2409
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 glib 2.78.6-4 on Azure Linux 3.0
azl3 grub2 2.06-25 on Azure Linux 3.0
azl3 curl 8.11.1-4 on Azure Linux 3.0
azl3 cmake 3.30.3-10 on Azure Linux 3.0
azl3 ceph 18.2.2-11 on Azure Linux 3.0
azl3 packer 1.9.5-10 on Azure Linux 3.0
azl3 expat 2.6.4-2 on Azure Linux 3.0
azl3 fluent-bit 3.1.9-6 on Azure Linux 3.0
azl3 edk2 20240524git3e722403cd16-10 on Azure Linux 3.0
Dynamics 365 Field Service (online)
Windows Subsystem for Linux GUI
cbl2 qemu 6.2.0-25 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-9 on CBL Mariner 2.0
cbl2 rust 1.72.0-11 on CBL Mariner 2.0
cbl2 mysql 8.0.44-2 on CBL Mariner 2.0
Azure Monitor Control Service
Microsoft 365 Defender Portal
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
azl3 qemu 8.2.0-23 on Azure Linux 3.0
azl3 mysql 8.0.44-2 on Azure Linux 3.0
azl3 libxml2 2.11.5-7 on Azure Linux 3.0
azl3 kubernetes 1.30.10-14 on Azure Linux 3.0
azl3 busybox 1.36.1-18 on Azure Linux 3.0
azl3 rust 1.75.0-21 on Azure Linux 3.0
azl3 keras 3.3.3-5 on Azure Linux 3.0
Nuance PowerScribe 360 version 4.0.1
Nuance PowerScribe 360 version 4.0.2
Nuance PowerScribe 360 version 4.0.3
Nuance PowerScribe 360 version 4.0.4
Nuance PowerScribe 360 version 4.0.5
Nuance PowerScribe 360 version 4.0.6
Nuance PowerScribe 360 version 4.0.7
Nuance PowerScribe 360 version 4.0.8
Nuance PowerScribe 360 version 4.0.9
Nuance PowerScribe One version 2019.1
Nuance PowerScribe One version 2019.2
Nuance PowerScribe One version 2019.3
Nuance PowerScribe One version 2019.4
Nuance PowerScribe One version 2019.5
Nuance PowerScribe One version 2019.6
Nuance PowerScribe One version 2019.7
Nuance PowerScribe One version 2019.8
Nuance PowerScribe One version 2019.9
Nuance PowerScribe One version 2019.10
PowerScribe One version 2023.1 SP2 Patch 7
azl3 containerd2 2.0.0-14 on Azure Linux 3.0
azl3 rust 1.86.0-9 on Azure Linux 3.0
azl3 kubevirt 1.5.0-5 on Azure Linux 3.0
cbl2 moby-containerd 1.6.26-12 on CBL Mariner 2.0
cbl2 moby-containerd-cc 1.7.7-12 on CBL Mariner 2.0
cbl2 moby-runc 1.1.9-9 on CBL Mariner 2.0
azl3 runc 1.3.3-1 on Azure Linux 3.0
azl3 libmicrohttpd 0.9.77-3 on Azure Linux 3.0
azl3 autogen 5.18.16-9 on Azure Linux 3.0
azl3 postgresql 16.10-1 on Azure Linux 3.0
cbl2 ceph 16.2.10-10 on CBL Mariner 2.0
cbl2 postgresql 14.19-1 on CBL Mariner 2.0
cbl2 moby-compose 2.17.3-11 on CBL Mariner 2.0
azl3 docker-buildx 0.14.0-7 on Azure Linux 3.0
Dynamics OmniChannel SDK Storage Containers
azl3 kubevirt 1.5.3-2 on Azure Linux 3.0
azl3 libpng 1.6.40-1 on Azure Linux 3.0
azl3 cups 2.4.13-1 on Azure Linux 3.0
cbl2 cups 2.3.3op2-10 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-10 on CBL Mariner 2.0
cbl2 qemu 6.2.0-26 on CBL Mariner 2.0
cbl2 cmake 3.21.4-20 on CBL Mariner 2.0
cbl2 kubevirt 0.59.0-31 on CBL Mariner 2.0
cbl2 ceph 16.2.10-11 on CBL Mariner 2.0
cbl2 haproxy 2.4.24-2 on CBL Mariner 2.0
cbl2 rsync 3.4.1-2 on CBL Mariner 2.0
azl3 kubernetes 1.30.10-16 on Azure Linux 3.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 qemu 8.2.0-25 on Azure Linux 3.0
azl3 libvirt 10.0.0-6 on Azure Linux 3.0
azl3 rsync 3.4.1-2 on Azure Linux 3.0
azl3 nodejs 20.14.0-10 on Azure Linux 3.0
azl3 haproxy 2.9.11-4 on Azure Linux 3.0
azl3 fluent-bit 3.1.10-2 on Azure Linux 3.0
azl3 cups 2.4.16-1 on Azure Linux 3.0
azl3 busybox 1.36.1-19 on Azure Linux 3.0
azl3 rust 1.75.0-22 on Azure Linux 3.0
azl3 containerd2 2.0.0-16 on Azure Linux 3.0
cbl2 cups 2.3.3op2-11 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-21 on CBL Mariner 2.0
cbl2 grub2 2.06-16 on CBL Mariner 2.0
cbl2 kubevirt 0.59.0-33 on CBL Mariner 2.0
cbl2 edk2 20230301gitf80f052277c8-44 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-15 on CBL Mariner 2.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 kubevirt 1.6.3-1 on Azure Linux 3.0
azl3 edk2 20240524git3e722403cd16-11 on Azure Linux 3.0
azl3 kubernetes 1.30.10-18 on Azure Linux 3.0
azl3 grub2 2.06-26 on Azure Linux 3.0
azl3 rust 1.90.0-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 libxml2 2.11.5-8 on Azure Linux 3.0
azl3 libvirt 10.0.0-7 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
azl3 rust 1.90.0-3 on Azure Linux 3.0
azl3 nodejs 20.14.0-13 on Azure Linux 3.0
cbl2 cmake 3.21.4-21 on CBL Mariner 2.0
azl3 cmake 3.30.3-11 on Azure Linux 3.0
cbl2 kubevirt 0.59.0-35 on CBL Mariner 2.0
azl3 libarchive 3.7.7-4 on Azure Linux 3.0
cbl2 libarchive 3.6.1-8 on CBL Mariner 2.0
cbl2 busybox 1.35.0-16 on CBL Mariner 2.0
azl3 busybox 1.36.1-21 on Azure Linux 3.0
cbl2 libvirt 7.10.0-11 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-11 on CBL Mariner 2.0
azl3 expat 2.6.4-4 on Azure Linux 3.0
cbl2 expat 2.6.4-3 on CBL Mariner 2.0
cbl2 expat 2.6.4-4 on CBL Mariner 2.0
cbl2 kubevirt 0.59.0-38 on CBL Mariner 2.0
cbl2 busybox 1.35.0-18 on CBL Mariner 2.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 rust 1.90.0-4 on Azure Linux 3.0
azl3 busybox 1.36.1-22 on Azure Linux 3.0
azl3 cmake 3.30.3-12 on Azure Linux 3.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 busybox 1.36.1-23 on Azure Linux 3.0
azl3 nodejs 20.14.0-14 on Azure Linux 3.0
cbl2 nodejs18 18.20.3-12 on CBL Mariner 2.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
missing SFTP host verification with wolfSSH
Mariner
curl
Yes
CVE-2025-10966
20563-17084
20620-17084
20627-17084
17667-17084
20610-17086
20605-17086
20692-17086
20870-17086
20974-17084
20562-17084
20655-17084
20529-17086
20542-17086
19668-17086
20872-17084
20563-17084
20620-17084
20627-17084
17667-17084
20610-17086
20605-17086
20692-17086
20870-17086
20974-17084
20562-17084
20655-17084
20529-17086
20542-17086
19668-17086
20872-17084
Moderate
20563-17084
Moderate
20620-17084
Moderate
20627-17084
Moderate
17667-17084
Moderate
20610-17086
Moderate
20605-17086
Moderate
20692-17086
Moderate
20870-17086
Moderate
20974-17084
Moderate
20562-17084
Moderate
20655-17084
Moderate
20529-17086
Moderate
20542-17086
Moderate
19668-17086
Moderate
20872-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20563-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20620-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20627-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
17667-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20610-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20605-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20692-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20870-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20974-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20562-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20655-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20529-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20542-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
19668-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20872-17084
CBL-Mariner Releases
20870-17086
No
Security Update
3.21.4-22
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20870-17086
CBL-Mariner Releases
CBL-Mariner Releases
20974-17084
20872-17084
No
Security Update
3.30.3-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20974-17084
20872-17084
CBL-Mariner Releases
2.0
2025-12-06T14:39:15
<p>Information published.</p>
4.0
2026-03-04T14:42:48
<p>Information published.</p>
1.0
2025-11-08T01:02:17
<p>Information published.</p>
3.0
2026-02-18T03:00:31
<p>Information published.</p>
5.0
2026-03-10T01:37:28
<p>Information published.</p>
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Mariner
GitHub_M
Yes
CVE-2025-64436
Improper Privilege Management
20390-17086
20703-17086
20673-17084
20886-17086
20947-17086
20656-17084
20772-17086
20390-17086
20703-17086
20673-17084
20886-17086
20947-17086
20656-17084
20772-17086
Moderate
20390-17086
Moderate
20703-17086
Moderate
20673-17084
Moderate
20886-17086
Moderate
20947-17086
Moderate
20656-17084
Moderate
20772-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20390-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20703-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20673-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20886-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20947-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20656-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20772-17086
CBL-Mariner Releases
20673-17084
No
Security Update
1.6.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20673-17084
CBL-Mariner Releases
CBL-Mariner Releases
20656-17084
No
Security Update
1.5.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20656-17084
CBL-Mariner Releases
3.0
2025-12-07T01:47:22
<p>Information published.</p>
5.0
2026-01-08T14:37:35
<p>Information published.</p>
6.0
2026-02-18T03:01:44
<p>Information published.</p>
7.0
2026-03-03T14:57:31
<p>Information published.</p>
1.0
2025-11-09T01:01:42
<p>Information published.</p>
2.0
2025-12-06T14:39:42
<p>Information published.</p>
4.0
2026-01-02T14:39:41
<p>Information published.</p>
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
Mariner
GitHub_M
Yes
CVE-2025-64434
Improper Authentication
20390-17086
20703-17086
20656-17084
20772-17086
20390-17086
20703-17086
20656-17084
20772-17086
Moderate
20390-17086
Moderate
20703-17086
Moderate
20656-17084
Moderate
20772-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20390-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20703-17086
4.7
4.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20656-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20772-17086
CBL-Mariner Releases
20656-17084
No
Security Update
1.5.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20656-17084
CBL-Mariner Releases
3.0
2025-12-07T01:47:45
<p>Information published.</p>
5.0
2026-01-13T01:40:10
<p>Information published.</p>
1.0
2025-11-09T01:01:52
<p>Information published.</p>
2.0
2025-12-06T14:39:32
<p>Information published.</p>
4.0
2026-01-02T14:39:30
<p>Information published.</p>
KubeVirt Arbitrary Container File Read
Mariner
GitHub_M
Yes
CVE-2025-64433
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
20390-17086
20703-17086
20656-17084
20772-17086
20390-17086
20703-17086
20656-17084
20772-17086
Moderate
20390-17086
Moderate
20703-17086
Moderate
20656-17084
Moderate
20772-17086
6.5
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
20390-17086
6.5
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
20703-17086
6.5
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
20656-17084
6.5
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
20772-17086
CBL-Mariner Releases
20703-17086
20772-17086
No
Security Update
0.59.0-33
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20703-17086
20772-17086
CBL-Mariner Releases
CBL-Mariner Releases
20656-17084
No
Security Update
1.5.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20656-17084
CBL-Mariner Releases
2.0
2025-12-06T14:39:27
<p>Information published.</p>
3.0
2025-12-07T01:47:57
<p>Information published.</p>
1.0
2025-11-09T01:01:58
<p>Information published.</p>
4.0
2025-12-23T01:37:02
<p>Information published.</p>
5.0
2026-01-02T14:39:25
<p>Information published.</p>
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Mariner
GitHub_M
Yes
CVE-2025-64435
Improper Check or Handling of Exceptional Conditions
20656-17084
20390-17086
20673-17084
20703-17086
20772-17086
20792-17084
20656-17084
20390-17086
20673-17084
20703-17086
20772-17086
20792-17084
Moderate
20656-17084
Moderate
20390-17086
Moderate
20673-17084
Moderate
20703-17086
Moderate
20772-17086
Moderate
20792-17084
5.3
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20656-17084
5.3
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20390-17086
5.3
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20673-17084
5.3
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20703-17086
5.3
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20772-17086
5.3
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20792-17084
CBL-Mariner Releases
20673-17084
No
Security Update
1.5.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20673-17084
CBL-Mariner Releases
CBL-Mariner Releases
20703-17086
20772-17086
No
Security Update
0.59.0-33
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20703-17086
20772-17086
CBL-Mariner Releases
CBL-Mariner Releases
20792-17084
No
Security Update
1.6.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20792-17084
CBL-Mariner Releases
2.0
2025-12-06T14:39:37
<p>Information published.</p>
3.0
2025-12-07T01:48:08
<p>Information published.</p>
7.0
2026-01-08T14:37:49
<p>Information published.</p>
1.0
2025-11-09T01:02:03
<p>Information published.</p>
4.0
2025-12-15T14:35:26
<p>Information published.</p>
5.0
2025-12-23T01:37:09
<p>Information published.</p>
6.0
2026-01-02T14:39:36
<p>Information published.</p>
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Mariner
GitHub_M
Yes
CVE-2025-64437
Improper Link Resolution Before File Access ('Link Following')
20390-17086
20656-17084
20703-17086
20772-17086
20390-17086
20656-17084
20703-17086
20772-17086
Moderate
20390-17086
Moderate
20656-17084
Moderate
20703-17086
Moderate
20772-17086
5.0
5.0
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
20390-17086
5.0
4.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L/E:P
20656-17084
5.0
5.0
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
20703-17086
5.0
5.0
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
20772-17086
CBL-Mariner Releases
20656-17084
No
Security Update
1.5.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20656-17084
CBL-Mariner Releases
CBL-Mariner Releases
20703-17086
20772-17086
No
Security Update
0.59.0-33
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20703-17086
20772-17086
CBL-Mariner Releases
2.0
2025-12-06T14:39:47
<p>Information published.</p>
3.0
2025-12-07T01:48:20
<p>Information published.</p>
4.0
2025-12-23T01:37:16
<p>Information published.</p>
1.0
2025-11-09T01:02:09
<p>Information published.</p>
5.0
2026-01-02T14:39:46
<p>Information published.</p>
runc container escape via "masked path" abuse due to mount race conditions
Mariner
GitHub_M
Yes
CVE-2025-31133
UNIX Symbolic Link (Symlink) Following
20659-17086
20364-17086
20624-17084
20659-17086
20364-17086
20624-17084
Important
20659-17086
Important
20364-17086
Important
20624-17084
CBL-Mariner Releases
20659-17086
No
Security Update
1.2.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20659-17086
CBL-Mariner Releases
CBL-Mariner Releases
20364-17086
No
Security Update
1.28.4-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20364-17086
CBL-Mariner Releases
CBL-Mariner Releases
20624-17084
No
Security Update
1.30.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20624-17084
CBL-Mariner Releases
1.0
2025-11-09T01:02:26
<p>Information published.</p>
2.0
2025-11-21T01:04:07
<p>Information published.</p>
3.0
2025-12-02T01:39:45
<p>Information published.</p>
4.0
2025-12-17T14:35:21
<p>Information published.</p>
runc: LSM labels can be bypassed with malicious config using dummy procfs files
Mariner
GitHub_M
Yes
CVE-2025-52881
UNIX Symbolic Link (Symlink) Following
20659-17086
20364-17086
20624-17084
20713-17084
20769-17086
20794-17084
20660-17084
20659-17086
20364-17086
20624-17084
20713-17084
20769-17086
20794-17084
20660-17084
Important
20659-17086
Moderate
20364-17086
Moderate
20624-17084
Moderate
20713-17084
Moderate
20769-17086
Moderate
20794-17084
Important
20660-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U
20364-17086
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U
20624-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U
20713-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U
20769-17086
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U
20794-17084
CBL-Mariner Releases
20659-17086
No
Security Update
1.2.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20659-17086
CBL-Mariner Releases
CBL-Mariner Releases
20713-17084
20794-17084
No
Security Update
1.30.10-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20713-17084
20794-17084
CBL-Mariner Releases
2.0
2025-11-21T01:03:59
<p>Information published.</p>
3.0
2025-12-07T01:37:15
<p>Information published.</p>
4.0
2026-01-03T01:39:17
<p>Information published.</p>
6.0
2026-01-13T01:41:05
<p>Information published.</p>
1.0
2025-11-09T01:02:40
<p>Information published.</p>
5.0
2026-01-08T14:39:48
<p>Information published.</p>
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
Mariner
mitre
Yes
CVE-2025-60753
Uncontrolled Resource Consumption
20422-17084
20388-17086
20888-17084
20889-17086
20422-17084
20388-17086
20888-17084
20889-17086
Moderate
20422-17084
Moderate
20388-17086
Moderate
20888-17084
Moderate
20889-17086
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P
20422-17084
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P
20388-17086
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P
20888-17084
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P
20889-17086
CBL-Mariner Releases
20888-17084
No
Security Update
3.7.7-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20888-17084
CBL-Mariner Releases
CBL-Mariner Releases
20889-17086
No
Security Update
3.6.1-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20889-17086
CBL-Mariner Releases
2.0
2026-02-18T03:06:43
<p>Information published.</p>
1.0
2025-11-11T01:01:21
<p>Information published.</p>
tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
Mariner
Linux
Yes
CVE-2025-40149
20725-17084
20788-17084
20823-17084
20613-17084
17087-17086
20725-17084
20788-17084
20823-17084
20613-17084
17087-17086
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20613-17084
Important
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
20823-17084
No
Security Update
6.6.121.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20823-17084
CBL-Mariner Releases
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.1
2025-12-02T01:38:13
<p>Information published.</p>
2.0
2025-12-07T01:49:42
<p>Information published.</p>
4.0
2026-01-20T14:49:09
<p>Information published.</p>
5.0
2026-02-18T14:09:31
<p>Information published.</p>
7.0
2026-03-03T14:58:02
<p>Information published.</p>
1.0
2025-11-13T01:02:19
<p>Information published.</p>
3.0
2026-01-08T14:38:18
<p>Information published.</p>
6.0
2026-02-28T01:01:42
<p>Information published.</p>
pwm: berlin: Fix wrong register in suspend/resume
Mariner
Linux
Yes
CVE-2025-40188
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.116.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:02:14
<p>Information published.</p>
2.0
2025-11-25T01:41:17
<p>Information published.</p>
Rsync: Out of bounds array access via negative index
Mariner
rapid7
Yes
CVE-2025-10158
Improper Validation of Array Index
17490-17084
20732-17084
17120-17086
20706-17086
17490-17084
20732-17084
17120-17086
20706-17086
Moderate
17490-17084
Moderate
20732-17084
Moderate
17120-17086
Moderate
20706-17086
5.4
5.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U
17490-17084
5.4
5.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U
20732-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
17120-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
20706-17086
CBL-Mariner Releases
17490-17084
20732-17084
17120-17086
20706-17086
No
Security Update
3.4.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17490-17084
20732-17084
17120-17086
20706-17086
CBL-Mariner Releases
1.0
2025-11-19T01:02:24
<p>Information published.</p>
4.0
2025-11-24T14:37:27
<p>Information published.</p>
5.0
2025-11-25T01:37:36
<p>Information published.</p>
6.0
2025-12-06T14:40:37
<p>Information published.</p>
7.0
2025-12-07T01:36:46
<p>Information published.</p>
2.0
2025-11-20T01:37:09
<p>Information published.</p>
3.0
2025-11-23T01:01:13
<p>Information published.</p>
mruby array.c sort_cmp use after free
Mariner
VulDB
Yes
CVE-2025-13120
Use After Free
20605-17086
20627-17084
20655-17084
20605-17086
20627-17084
20655-17084
Moderate
20605-17086
Moderate
20627-17084
Moderate
20655-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20605-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20627-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20655-17084
1.0
2025-11-19T01:02:40
<p>Information published.</p>
2.0
2025-11-25T01:37:47
<p>Information published.</p>
Constant Time Issue with Xtensa-based ESP32 and X22519
Mariner
wolfSSL
Yes
CVE-2025-12888
Observable Discrepancy
20085-17086
19283-17084
20085-17086
19283-17084
Low
20085-17086
Low
19283-17084
2.0
2025-12-03T01:36:46
<p>Information published.</p>
1.0
2025-11-25T01:01:53
<p>Information published.</p>
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Mariner
wolfSSL
Yes
CVE-2025-11931
Integer Underflow (Wrap or Wraparound)
20085-17086
19283-17084
20085-17086
19283-17084
Low
20085-17086
Low
19283-17084
8.2
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
20085-17086
8.2
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
19283-17084
1.0
2025-11-25T01:02:10
<p>Information published.</p>
2.0
2025-12-03T01:36:58
<p>Information published.</p>
Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify
Mariner
wolfSSL
Yes
CVE-2025-11934
Improper Input Validation
19283-17084
20085-17086
19283-17084
20085-17086
Low
19283-17084
Low
20085-17086
2.7
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
19283-17084
2.7
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
20085-17086
2.0
2025-12-11T01:39:21
<p>Information published.</p>
3.0
2025-12-16T01:35:10
<p>Information published.</p>
1.0
2025-11-25T01:02:18
<p>Information published.</p>
Timing Side-Channel in PSK Binder Verification
Mariner
wolfSSL
Yes
CVE-2025-11932
Observable Discrepancy
20085-17086
19283-17084
20085-17086
19283-17084
Low
20085-17086
Low
19283-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
20085-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
19283-17084
1.0
2025-11-25T01:02:42
<p>Information published.</p>
2.0
2025-12-03T01:37:14
<p>Information published.</p>
LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
Mariner
GitHub_M
Yes
CVE-2025-65018
Out-of-bounds Write
20674-17084
19626-17084
17667-17084
18435-17086
20185-17086
19668-17086
20674-17084
19626-17084
17667-17084
18435-17086
20185-17086
19668-17086
Important
20674-17084
Important
19626-17084
Important
17667-17084
Important
18435-17086
Important
20185-17086
Important
19668-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
20674-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
19626-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
17667-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
18435-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
20185-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
19668-17086
CBL-Mariner Releases
20674-17084
18435-17086
No
Security Update
1.6.51-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20674-17084
18435-17086
CBL-Mariner Releases
1.0
2025-11-27T01:03:43
<p>Information published.</p>
2.0
2025-12-02T01:40:36
<p>Information published.</p>
LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
Mariner
GitHub_M
Yes
CVE-2025-64720
Out-of-bounds Read
20674-17084
19626-17084
17667-17084
20185-17086
19668-17086
18435-17086
20674-17084
19626-17084
17667-17084
20185-17086
19668-17086
18435-17086
Important
20674-17084
Important
19626-17084
Important
17667-17084
Important
20185-17086
Important
19668-17086
Important
18435-17086
7.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
20674-17084
7.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19626-17084
7.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
17667-17084
7.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
20185-17086
7.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19668-17086
7.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
18435-17086
CBL-Mariner Releases
20674-17084
18435-17086
No
Security Update
1.6.51-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20674-17084
18435-17086
CBL-Mariner Releases
1.0
2025-11-27T01:04:01
<p>Information published.</p>
2.0
2025-12-02T01:40:57
<p>Information published.</p>
CVE-2025-12970
Mariner
certcc
Yes
CVE-2025-12970
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
20735-17084
20526-17086
20573-17084
20735-17084
20526-17086
20573-17084
Important
20735-17084
Important
20526-17086
Important
20573-17084
8.8
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
20735-17084
8.8
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
20526-17086
8.8
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
20573-17084
CBL-Mariner Releases
20735-17084
20573-17084
No
Security Update
3.1.10-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20735-17084
20573-17084
CBL-Mariner Releases
CBL-Mariner Releases
20526-17086
No
Security Update
3.0.6-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20526-17086
CBL-Mariner Releases
1.0
2025-11-29T01:02:11
<p>Information published.</p>
4.0
2025-12-07T01:39:15
<p>Information published.</p>
2.0
2025-12-02T01:41:46
<p>Information published.</p>
3.0
2025-12-05T01:36:55
<p>Information published.</p>
CVE-2025-12977
Mariner
certcc
Yes
CVE-2025-12977
Improper Validation of Specified Type of Input
20573-17084
20735-17084
20526-17086
20573-17084
20735-17084
20526-17086
Important
20573-17084
Important
20735-17084
Important
20526-17086
8.3
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U
20573-17084
8.3
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U
20735-17084
8.3
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U
20526-17086
CBL-Mariner Releases
20735-17084
No
Security Update
3.1.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20735-17084
CBL-Mariner Releases
CBL-Mariner Releases
20526-17086
No
Security Update
3.0.6-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20526-17086
CBL-Mariner Releases
3.0
2025-12-07T01:38:52
<p>Information published.</p>
1.0
2025-11-29T01:02:27
<p>Information published.</p>
2.0
2025-12-04T14:35:42
<p>Information published.</p>
4.0
2025-12-17T14:35:28
<p>Information published.</p>
WebAssembly Micro Runtime vulnerable to a segmentation fault in v128.store instruction
Mariner
GitHub_M
Yes
CVE-2025-64704
Improper Check for Unusual or Exceptional Conditions
20573-17084
20526-17086
20573-17084
20526-17086
Moderate
20573-17084
Moderate
20526-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
20573-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
20526-17086
1.0
2025-11-29T01:02:35
<p>Information published.</p>
2.0
2025-12-01T14:38:13
<p>Information published.</p>
WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
Mariner
GitHub_M
Yes
CVE-2025-64713
Improper Restriction of Operations within the Bounds of a Memory Buffer
20526-17086
20573-17084
20526-17086
20573-17084
Moderate
20526-17086
Moderate
20573-17084
5.1
5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20526-17086
5.1
5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20573-17084
1.0
2025-11-29T01:02:43
<p>Information published.</p>
2.0
2025-12-01T14:38:21
<p>Information published.</p>
Glib: integer overflow in in g_escape_uri_string()
Mariner
redhat
Yes
CVE-2025-13601
Integer Overflow or Wraparound
20365-17086
20554-17084
20365-17086
20554-17084
Important
20365-17086
Important
20554-17084
7.7
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U
20365-17086
7.7
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U
20554-17084
CBL-Mariner Releases
20365-17086
No
Security Update
2.71.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20365-17086
CBL-Mariner Releases
CBL-Mariner Releases
20554-17084
No
Security Update
2.78.6-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20554-17084
CBL-Mariner Releases
1.0
2025-11-29T01:02:52
<p>Information published.</p>
2.0
2025-12-02T01:35:13
<p>Information published.</p>
node-forge ASN.1 OID Integer Truncation
Mariner
GitHub_M
Yes
CVE-2025-66030
Integer Overflow or Wraparound
20124-17086
20124-17086
Moderate
20124-17086
CBL-Mariner Releases
20124-17086
No
Security Update
3.1.1-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20124-17086
CBL-Mariner Releases
2.0
2025-12-01T14:38:28
<p>Information published.</p>
1.0
2025-11-29T01:03:05
<p>Information published.</p>
3.0
2025-12-04T14:35:55
<p>Information published.</p>
OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Mariner
GitHub_M
Yes
CVE-2025-58436
Uncontrolled Resource Consumption
20676-17084
20737-17084
20768-17086
20678-17086
20676-17084
20737-17084
20768-17086
20678-17086
Moderate
20676-17084
Moderate
20737-17084
Moderate
20768-17086
Moderate
20678-17086
5.1
5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20676-17084
5.1
5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20737-17084
5.1
5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20768-17086
5.1
5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20678-17086
CBL-Mariner Releases
20768-17086
20678-17086
No
Security Update
2.3.3op2-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20768-17086
20678-17086
CBL-Mariner Releases
1.0
2025-11-30T01:01:24
<p>Information published.</p>
2.0
2025-12-01T14:38:35
<p>Information published.</p>
4.0
2025-12-07T01:39:41
<p>Information published.</p>
5.0
2025-12-24T14:35:34
<p>Information published.</p>
6.0
2025-12-31T14:36:30
<p>Information published.</p>
3.0
2025-12-03T01:01:31
<p>Information published.</p>
7.0
2026-02-21T04:08:24
<p>Information published.</p>
OpenPrinting CUPS vulnerable to stack based out-of-bound write
Mariner
GitHub_M
Yes
CVE-2025-61915
Improper Validation of Array Index
20676-17084
20678-17086
20768-17086
20676-17084
20678-17086
20768-17086
Moderate
20676-17084
Moderate
20678-17086
Moderate
20768-17086
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
20676-17084
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
20678-17086
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
20768-17086
CBL-Mariner Releases
20676-17084
No
Security Update
2.4.16-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20676-17084
CBL-Mariner Releases
CBL-Mariner Releases
20678-17086
20768-17086
No
Security Update
2.3.3op2-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20678-17086
20768-17086
CBL-Mariner Releases
1.0
2025-11-30T01:01:30
<p>Information published.</p>
4.0
2025-12-07T01:39:54
<p>Information published.</p>
2.0
2025-12-01T14:38:40
<p>Information published.</p>
3.0
2025-12-03T01:01:36
<p>Information published.</p>
5.0
2025-12-24T14:35:41
<p>Information published.</p>
6.0
2026-01-02T14:40:04
<p>Information published.</p>
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-40107
20553-17084
20553-17084
Moderate
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
CBL-Mariner Releases
20553-17084
No
Security Update
6.6.112.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20553-17084
CBL-Mariner Releases
1.0
2025-11-04T01:01:14
<p>Information published.</p>
containerd CRI server: Host memory exhaustion through Attach goroutine leak
Mariner
GitHub_M
Yes
CVE-2025-64329
Missing Release of Memory after Effective Lifetime
20654-17084
20745-17084
17461-17084
20657-17086
20658-17086
20654-17084
20745-17084
17461-17084
20657-17086
20658-17086
Moderate
20654-17084
Moderate
20745-17084
Moderate
17461-17084
Moderate
20657-17086
Moderate
20658-17086
CBL-Mariner Releases
20654-17084
No
Security Update
2.0.0-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20654-17084
CBL-Mariner Releases
CBL-Mariner Releases
20745-17084
No
Security Update
2.0.0-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20745-17084
CBL-Mariner Releases
CBL-Mariner Releases
17461-17084
No
Security Update
1.7.7-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17461-17084
CBL-Mariner Releases
CBL-Mariner Releases
20657-17086
No
Security Update
1.6.26-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20657-17086
CBL-Mariner Releases
CBL-Mariner Releases
20658-17086
No
Security Update
1.7.7-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20658-17086
CBL-Mariner Releases
1.0
2025-11-08T01:01:28
<p>Information published.</p>
2.0
2025-12-07T01:47:05
<p>Information published.</p>
containerd affected by a local privilege escalation via wide permissions on CRI directory
Mariner
GitHub_M
Yes
CVE-2024-25621
Incorrect Execution-Assigned Permissions
20657-17086
17461-17084
20654-17084
20658-17086
20657-17086
17461-17084
20654-17084
20658-17086
Important
20657-17086
Important
17461-17084
Important
20654-17084
Important
20658-17086
7.3
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
20657-17086
7.3
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
17461-17084
7.3
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
20654-17084
7.3
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
20658-17086
CBL-Mariner Releases
20657-17086
No
Security Update
1.6.26-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20657-17086
CBL-Mariner Releases
CBL-Mariner Releases
17461-17084
No
Security Update
1.7.7-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17461-17084
CBL-Mariner Releases
CBL-Mariner Releases
20654-17084
No
Security Update
2.0.0-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20654-17084
CBL-Mariner Releases
CBL-Mariner Releases
20658-17086
No
Security Update
1.7.7-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20658-17086
CBL-Mariner Releases
1.0
2025-11-08T01:08:33
<p>Information published.</p>
2.0
2025-11-19T01:52:07
<p>Information published.</p>
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Mariner
GitHub_M
Yes
CVE-2025-64432
Improper Authentication
20390-17086
20703-17086
20656-17084
20772-17086
20390-17086
20703-17086
20656-17084
20772-17086
Moderate
20390-17086
Moderate
20703-17086
Moderate
20656-17084
Moderate
20772-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20390-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20703-17086
4.7
4.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20656-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20772-17086
CBL-Mariner Releases
20703-17086
20772-17086
No
Security Update
0.59.0-33
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20703-17086
20772-17086
CBL-Mariner Releases
CBL-Mariner Releases
20656-17084
No
Security Update
1.5.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20656-17084
CBL-Mariner Releases
2.0
2025-12-06T14:39:21
<p>Information published.</p>
3.0
2025-12-07T01:47:34
<p>Information published.</p>
1.0
2025-11-09T01:01:47
<p>Information published.</p>
4.0
2025-12-23T01:36:55
<p>Information published.</p>
5.0
2026-01-02T14:39:19
<p>Information published.</p>
container escape due to /dev/console mount and related races
Mariner
GitHub_M
Yes
CVE-2025-52565
UNIX Symbolic Link (Symlink) Following
20364-17086
20383-17086
20624-17084
20673-17084
20433-17084
20659-17086
20364-17086
20383-17086
20624-17084
20673-17084
20433-17084
20659-17086
Important
20364-17086
Important
20383-17086
Important
20624-17084
Important
20673-17084
Important
20433-17084
Important
20659-17086
CBL-Mariner Releases
20624-17084
No
Security Update
1.30.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20624-17084
CBL-Mariner Releases
CBL-Mariner Releases
20659-17086
No
Security Update
1.2.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20659-17086
CBL-Mariner Releases
2.0
2025-11-21T01:03:52
<p>Information published.</p>
1.0
2025-11-09T01:02:31
<p>Information published.</p>
3.0
2025-12-02T01:39:36
<p>Information published.</p>
crypto: rng - Ensure set_ent is always present
Mariner
Linux
Yes
CVE-2025-40109
20553-17084
20553-17084
Moderate
20553-17084
4.2
4.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
20553-17084
CBL-Mariner Releases
20553-17084
No
Security Update
6.6.112.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20553-17084
CBL-Mariner Releases
1.0
2025-11-10T01:03:03
<p>Information published.</p>
Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2
Mariner
redhat
Yes
CVE-2025-12863
Use After Free
20604-17086
20825-17084
20622-17084
20604-17086
20825-17084
20622-17084
Important
20604-17086
Important
20825-17084
Important
20622-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20604-17086
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20825-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20622-17084
1.0
2025-11-11T01:01:30
<p>Information published.</p>
2.0
2026-01-20T14:48:39
<p>Information published.</p>
mruby array.c ary_fill_exec out-of-bounds write
Mariner
VulDB
Yes
CVE-2025-12875
Out-of-bounds Write
20318-17084
20605-17086
20627-17084
20655-17084
19774-17086
20318-17084
20605-17086
20627-17084
20655-17084
19774-17086
Moderate
20318-17084
Moderate
20605-17086
Moderate
20627-17084
Moderate
20655-17084
Moderate
19774-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20318-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20605-17086
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20627-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
20655-17084
5.3
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
19774-17086
1.0
2025-11-11T01:01:46
<p>Information published.</p>
2.0
2025-11-25T01:40:24
<p>Information published.</p>
drm/vmwgfx: Fix a null-ptr access in the cursor snooper
Mariner
Linux
Yes
CVE-2025-40110
20613-17084
20613-17084
Moderate
20613-17084
4.1
4.1
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-13T01:01:13
<p>Information published.</p>
2.0
2025-12-07T01:49:00
<p>Information published.</p>
drm/vmwgfx: Fix Use-after-free in validation
Mariner
Linux
Yes
CVE-2025-40111
20613-17084
20613-17084
Moderate
20613-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:49:08
<p>Information published.</p>
1.0
2025-11-13T01:01:19
<p>Information published.</p>
BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Mariner
mitre
Yes
CVE-2025-60876
Improper Access Control
20743-17084
20892-17084
20948-17086
20970-17084
21096-17084
20103-17086
20626-17084
20891-17086
20743-17084
20892-17084
20948-17086
20970-17084
21096-17084
20103-17086
20626-17084
20891-17086
Important
20743-17084
Important
20892-17084
Important
20948-17086
Important
20970-17084
Important
21096-17084
Important
20103-17086
Important
20626-17084
Important
20891-17086
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20743-17084
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20892-17084
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20948-17086
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20970-17084
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
21096-17084
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20103-17086
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20626-17084
9.4
8.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P
20891-17086
2.0
2025-12-07T01:50:56
<p>Information published.</p>
3.0
2026-02-18T14:07:50
<p>Information published.</p>
4.0
2026-03-03T14:57:52
<p>Information published.</p>
5.0
2026-03-04T14:43:35
<p>Information published.</p>
1.0
2025-11-13T01:01:52
<p>Information published.</p>
6.0
2026-03-31T14:36:56
<p>Information published.</p>
crypto: hisilicon/qm - request reserved interrupt for virtual function
Mariner
Linux
Yes
CVE-2025-40136
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
1.0
2025-11-13T01:01:57
<p>Information published.</p>
2.0
2025-11-25T01:40:44
<p>Information published.</p>
ext4: detect invalid INLINE_DATA + EXTENTS flag combination
Mariner
Linux
Yes
CVE-2025-40167
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-13T01:02:02
<p>Information published.</p>
2.0
2025-12-07T01:49:17
<p>Information published.</p>
1.1
2025-12-02T01:38:08
<p>Information published.</p>
ipv6: use RCU in ip6_xmit()
Mariner
Linux
Yes
CVE-2025-40135
20725-17084
20823-17084
20860-17084
20956-17084
20613-17084
20788-17084
20725-17084
20823-17084
20860-17084
20956-17084
20613-17084
20788-17084
Important
20725-17084
Important
20823-17084
Important
20860-17084
Important
20956-17084
Important
20613-17084
Important
20788-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20725-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20823-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20860-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20956-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20613-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20788-17084
CBL-Mariner Releases
20956-17084
No
Security Update
6.6.130.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20956-17084
CBL-Mariner Releases
1.0
2025-11-13T01:02:08
<p>Information published.</p>
2.0
2025-12-07T01:49:25
<p>Information published.</p>
3.0
2026-01-08T14:37:59
<p>Information published.</p>
4.0
2026-01-20T14:48:49
<p>Information published.</p>
5.0
2026-02-18T14:08:39
<p>Information published.</p>
6.0
2026-03-04T14:42:55
<p>Information published.</p>
7.0
2026-03-27T14:36:03
<p>Information published.</p>
smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Mariner
Linux
Yes
CVE-2025-40139
20725-17084
20823-17084
20956-17084
20613-17084
20788-17084
20860-17084
21094-17084
20725-17084
20823-17084
20956-17084
20613-17084
20788-17084
20860-17084
21094-17084
Important
20725-17084
Important
20823-17084
Important
20956-17084
Important
20613-17084
Important
20788-17084
Important
20860-17084
Important
21094-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20725-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20823-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20956-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20613-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20788-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20860-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
21094-17084
2.0
2025-12-07T01:49:34
<p>Information published.</p>
3.0
2026-01-08T14:38:09
<p>Information published.</p>
7.0
2026-03-31T15:12:28
<p>Information published.</p>
1.0
2025-11-13T01:02:14
<p>Information published.</p>
4.0
2026-01-20T14:48:59
<p>Information published.</p>
5.0
2026-02-18T14:09:01
<p>Information published.</p>
6.0
2026-03-04T14:43:02
<p>Information published.</p>
blk-mq: fix potential deadlock while nr_requests grown
Mariner
Linux
Yes
CVE-2025-40146
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
1.0
2025-11-13T01:02:24
<p>Information published.</p>
2.0
2025-12-07T01:49:51
<p>Information published.</p>
4.0
2026-01-20T14:49:17
<p>Information published.</p>
5.0
2026-02-18T14:09:53
<p>Information published.</p>
6.0
2026-03-04T14:43:08
<p>Information published.</p>
7.0
2026-03-31T15:12:50
<p>Information published.</p>
3.0
2026-01-08T14:38:30
<p>Information published.</p>
accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
Mariner
Linux
Yes
CVE-2025-40172
20613-17084
20613-17084
Critical
20613-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20613-17084
1.0
2025-11-13T01:02:30
<p>Information published.</p>
usbnet: Fix using smp_processor_id() in preemptible code warnings
Mariner
Linux
Yes
CVE-2025-40164
20613-17084
20725-17084
20823-17084
20860-17084
20788-17084
17087-17086
20613-17084
20725-17084
20823-17084
20860-17084
20788-17084
17087-17086
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20788-17084
Moderate
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
CBL-Mariner Releases
20860-17084
No
Security Update
6.6.126.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20860-17084
CBL-Mariner Releases
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2025-11-13T01:02:36
<p>Information published.</p>
2.0
2025-12-07T01:49:59
<p>Information published.</p>
3.0
2026-01-08T14:38:40
<p>Information published.</p>
5.0
2026-02-18T14:10:26
<p>Information published.</p>
6.0
2026-02-27T14:36:26
<p>Information published.</p>
7.0
2026-02-28T01:01:47
<p>Information published.</p>
9.0
2026-03-02T14:36:46
<p>Information published.</p>
10.0
2026-03-03T14:58:22
<p>Information published.</p>
4.0
2026-01-20T14:49:26
<p>Information published.</p>
8.0
2026-02-28T01:37:07
<p>Information published.</p>
smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Mariner
Linux
Yes
CVE-2025-40168
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
1.1
2025-12-02T01:38:18
<p>Information published.</p>
2.0
2025-12-07T01:50:11
<p>Information published.</p>
4.0
2026-01-20T14:49:34
<p>Information published.</p>
5.0
2026-02-18T14:10:50
<p>Information published.</p>
7.0
2026-03-31T15:13:13
<p>Information published.</p>
1.0
2025-11-13T01:02:41
<p>Information published.</p>
3.0
2026-01-08T14:38:50
<p>Information published.</p>
6.0
2026-03-04T14:43:15
<p>Information published.</p>
media: nxp: imx8-isi: m2m: Fix streaming cleanup on release
Mariner
Linux
Yes
CVE-2025-40165
20613-17084
20613-17084
Critical
20613-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20613-17084
1.0
2025-11-13T01:02:47
<p>Information published.</p>
net/ip6_tunnel: Prevent perpetual tunnel growth
Mariner
Linux
Yes
CVE-2025-40173
20613-17084
20613-17084
Moderate
20613-17084
6.2
5.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:50:19
<p>Information published.</p>
1.0
2025-11-13T01:02:52
<p>Information published.</p>
net: use dst_dev_rcu() in sk_setup_caps()
Mariner
Linux
Yes
CVE-2025-40170
20823-17084
20956-17084
20613-17084
20725-17084
20788-17084
20860-17084
21094-17084
20823-17084
20956-17084
20613-17084
20725-17084
20788-17084
20860-17084
21094-17084
Important
20823-17084
Important
20956-17084
Important
20613-17084
Important
20725-17084
Important
20788-17084
Important
20860-17084
Important
21094-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20823-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20956-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20613-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20725-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20788-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20860-17084
8.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
21094-17084
2.0
2025-12-07T01:50:27
<p>Information published.</p>
4.0
2026-01-20T14:49:43
<p>Information published.</p>
6.0
2026-03-04T14:43:22
<p>Information published.</p>
7.0
2026-03-31T15:13:34
<p>Information published.</p>
1.0
2025-11-13T01:02:57
<p>Information published.</p>
3.0
2026-01-08T14:39:00
<p>Information published.</p>
5.0
2026-02-18T14:11:40
<p>Information published.</p>
ipv6: use RCU in ip6_output()
Mariner
Linux
Yes
CVE-2025-40158
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
20613-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20725-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20788-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20823-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20860-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20956-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21094-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
20613-17084
2.0
2025-12-07T01:50:36
<p>Information published.</p>
3.0
2026-01-08T14:39:11
<p>Information published.</p>
5.0
2026-02-18T14:12:03
<p>Information published.</p>
6.0
2026-03-04T14:43:29
<p>Information published.</p>
7.0
2026-03-31T15:13:57
<p>Information published.</p>
1.0
2025-11-13T01:03:03
<p>Information published.</p>
1.1
2025-12-02T01:38:25
<p>Information published.</p>
4.0
2026-01-20T14:49:51
<p>Information published.</p>
tls: wait for pending async decryptions if tls_strp_msg_hold fails
Mariner
Linux
Yes
CVE-2025-40176
20613-17084
20613-17084
Important
20613-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:50:46
<p>Information published.</p>
1.0
2025-11-13T01:03:08
<p>Information published.</p>
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Mariner
jpcert
Yes
CVE-2025-59777
NULL Pointer Dereference
20661-17084
20661-17084
Important
20661-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20661-17084
CBL-Mariner Releases
20661-17084
No
Security Update
0.9.77-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20661-17084
CBL-Mariner Releases
1.0
2025-11-13T01:03:17
<p>Information published.</p>
2.0
2025-11-19T14:35:32
<p>Information published.</p>
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Mariner
jpcert
Yes
CVE-2025-62689
Heap-based Buffer Overflow
20661-17084
20661-17084
Important
20661-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20661-17084
1.0
2025-11-13T01:03:22
<p>Information published.</p>
2.0
2025-11-25T01:40:58
<p>Information published.</p>
IRAI AUTOMGEN <= 8.0.0.7 Use-After-Free Remote DoS
Mariner
VulnCheck
Yes
CVE-2011-10034
Use After Free
20662-17084
20662-17084
Moderate
20662-17084
1.0
2025-11-14T01:01:24
<p>Information published.</p>
RGW DoS attack with empty HTTP header in S3 object copy
Mariner
GitHub_M
Yes
CVE-2024-47866
Improper Input Validation
20564-17084
20704-17086
20664-17086
20564-17084
20704-17086
20664-17086
Important
20564-17084
Moderate
20704-17086
Moderate
20664-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20564-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20704-17086
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20664-17086
CBL-Mariner Releases
20564-17084
No
Security Update
18.2.2-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20564-17084
CBL-Mariner Releases
CBL-Mariner Releases
20704-17086
20664-17086
No
Security Update
16.2.10-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20704-17086
20664-17086
CBL-Mariner Releases
1.0
2025-11-14T01:01:30
<p>Information published.</p>
4.0
2025-12-06T14:39:56
<p>Information published.</p>
2.0
2025-11-18T01:37:27
<p>Information published.</p>
3.0
2025-11-19T14:35:40
<p>Information published.</p>
ext4: verify orphan file size is not too big
Mariner
Linux
Yes
CVE-2025-40179
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:51:03
<p>Information published.</p>
1.0
2025-11-14T01:01:35
<p>Information published.</p>
mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Mariner
Linux
Yes
CVE-2025-40180
20725-17084
20823-17084
20613-17084
20788-17084
20860-17084
20956-17084
21094-17084
20725-17084
20823-17084
20613-17084
20788-17084
20860-17084
20956-17084
21094-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20613-17084
Moderate
20788-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
1.0
2025-11-14T01:01:41
<p>Information published.</p>
2.0
2025-12-07T01:51:11
<p>Information published.</p>
3.0
2026-01-08T14:39:21
<p>Information published.</p>
4.0
2026-01-20T14:49:59
<p>Information published.</p>
5.0
2026-02-18T14:14:02
<p>Information published.</p>
6.0
2026-03-04T14:43:42
<p>Information published.</p>
7.0
2026-03-31T14:37:24
<p>Information published.</p>
ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
Mariner
Linux
Yes
CVE-2025-40198
20613-17084
20613-17084
Important
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:51:18
<p>Information published.</p>
1.0
2025-11-14T01:01:46
<p>Information published.</p>
media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()
Mariner
Linux
Yes
CVE-2025-40207
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:01:52
<p>Information published.</p>
2.0
2025-12-07T01:51:24
<p>Information published.</p>
Squashfs: reject negative file sizes in squashfs_read_inode()
Mariner
Linux
Yes
CVE-2025-40200
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:01:57
<p>Information published.</p>
2.0
2025-12-07T01:51:30
<p>Information published.</p>
mount: handle NULL values in mnt_ns_release()
Mariner
Linux
Yes
CVE-2025-40195
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:51:37
<p>Information published.</p>
1.0
2025-11-14T01:02:03
<p>Information published.</p>
net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
Mariner
Linux
Yes
CVE-2025-40187
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:51:43
<p>Information published.</p>
1.0
2025-11-14T01:02:08
<p>Information published.</p>
pid: Add a judgment for ns null in pid_nr_ns
Mariner
Linux
Yes
CVE-2025-40178
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:02:19
<p>Information published.</p>
2.0
2025-12-07T01:51:49
<p>Information published.</p>
kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
Mariner
Linux
Yes
CVE-2025-40201
20613-17084
20613-17084
Important
20613-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:02:24
<p>Information published.</p>
2.0
2025-12-07T01:51:54
<p>Information published.</p>
ext4: guard against EA inode refcount underflow in xattr update
Mariner
Linux
Yes
CVE-2025-40190
20613-17084
20613-17084
Important
20613-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:52:00
<p>Information published.</p>
1.0
2025-11-14T01:02:30
<p>Information published.</p>
cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
Mariner
Linux
Yes
CVE-2025-40194
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:02:35
<p>Information published.</p>
2.0
2025-12-07T01:52:05
<p>Information published.</p>
btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
Mariner
Linux
Yes
CVE-2025-40205
20613-17084
20613-17084
Important
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:52:11
<p>Information published.</p>
1.0
2025-11-14T01:02:41
<p>Information published.</p>
netfilter: nft_objref: validate objref and objrefmap expressions
Mariner
Linux
Yes
CVE-2025-40206
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:52:17
<p>Information published.</p>
1.0
2025-11-14T01:02:46
<p>Information published.</p>
media: mc: Clear minor number before put device
Mariner
Linux
Yes
CVE-2025-40197
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:02:52
<p>Information published.</p>
2.0
2025-12-07T01:52:22
<p>Information published.</p>
Revert "ipmi: fix msg stack when IPMI is disconnected"
Mariner
Linux
Yes
CVE-2025-40192
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:02:57
<p>Information published.</p>
2.0
2025-12-07T01:52:27
<p>Information published.</p>
xtensa: simdisk: add input size check in proc_write_simdisk
Mariner
Linux
Yes
CVE-2025-40193
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:35:30
<p>Information published.</p>
1.0
2025-11-14T01:03:02
<p>Information published.</p>
sctp: Fix MAC comparison to be constant-time
Mariner
Linux
Yes
CVE-2025-40204
20613-17084
20613-17084
Important
20613-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-14T01:03:08
<p>Information published.</p>
2.0
2025-12-07T01:35:42
<p>Information published.</p>
ipmi: Rework user message limit handling
Mariner
Linux
Yes
CVE-2025-40202
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
2.0
2025-12-07T01:35:54
<p>Information published.</p>
1.0
2025-11-14T01:03:13
<p>Information published.</p>
PostgreSQL libpq undersizes allocations, via integer wraparound
Mariner
PostgreSQL
Yes
CVE-2025-12818
Integer Overflow or Wraparound
20865-17084
20663-17084
20665-17086
20744-17084
20822-17084
20964-17084
20865-17084
20663-17084
20665-17086
20744-17084
20822-17084
20964-17084
Moderate
20865-17084
Moderate
20663-17084
Moderate
20665-17086
Moderate
20744-17084
Moderate
20822-17084
Moderate
20964-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20865-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20663-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20665-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20744-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20822-17084
5.9
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20964-17084
CBL-Mariner Releases
20865-17084
20964-17084
No
Security Update
1.90.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20865-17084
20964-17084
CBL-Mariner Releases
CBL-Mariner Releases
20663-17084
No
Security Update
16.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20663-17084
CBL-Mariner Releases
CBL-Mariner Releases
20665-17086
No
Security Update
14.20-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20665-17086
CBL-Mariner Releases
1.0
2025-11-14T14:01:19
<p>Information published.</p>
2.0
2026-01-21T01:05:28
<p>Information published.</p>
3.0
2026-02-18T14:20:54
<p>Information published.</p>
4.0
2026-03-04T14:36:37
<p>Information published.</p>
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Mariner
PostgreSQL
Yes
CVE-2025-12817
Missing Authorization
20665-17086
20663-17084
20665-17086
20663-17084
Low
20665-17086
Low
20663-17084
3.1
2.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
20665-17086
3.1
2.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
20663-17084
CBL-Mariner Releases
20665-17086
No
Security Update
14.20-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20665-17086
CBL-Mariner Releases
CBL-Mariner Releases
20663-17084
No
Security Update
16.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20663-17084
CBL-Mariner Releases
1.0
2025-11-14T14:01:24
<p>Information published.</p>
2.0
2025-11-19T01:02:30
<p>Information published.</p>
3.0
2025-12-06T14:40:04
<p>Information published.</p>
Libvirt: denial of service in xml parsing
Mariner
redhat
Yes
CVE-2025-12748
Allocation of Resources Without Limits or Throttling
20728-17084
20834-17084
20893-17086
19891-17084
19893-17086
20728-17084
20834-17084
20893-17086
19891-17084
19893-17086
Moderate
20728-17084
Moderate
20834-17084
Moderate
20893-17086
Moderate
19891-17084
Moderate
19893-17086
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20728-17084
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
20834-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20893-17086
5.5
5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P
19891-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
19893-17086
CBL-Mariner Releases
20728-17084
20834-17084
No
Security Update
10.0.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20728-17084
20834-17084
CBL-Mariner Releases
CBL-Mariner Releases
20893-17086
19893-17086
No
Security Update
7.10.0-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20893-17086
19893-17086
CBL-Mariner Releases
2.0
2025-12-07T01:36:12
<p>Information published.</p>
4.0
2026-01-20T14:50:13
<p>Information published.</p>
5.0
2026-01-21T01:43:21
<p>Information published.</p>
6.0
2026-02-18T14:22:06
<p>Information published.</p>
1.0
2025-11-15T01:01:16
<p>Information published.</p>
3.0
2026-01-16T14:35:29
<p>Information published.</p>
Potential denial of service in golang.org/x/crypto/ssh/agent
Mariner
Go
Yes
CVE-2025-47913
20666-17086
20538-17086
19334-17084
20656-17084
17793-17084
20566-17084
20667-17084
19343-17084
20666-17086
20538-17086
19334-17084
20656-17084
17793-17084
20566-17084
20667-17084
19343-17084
Important
20666-17086
Important
20538-17086
Important
19334-17084
Important
20656-17084
Important
17793-17084
Important
20566-17084
Important
20667-17084
Important
19343-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20666-17086
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20538-17086
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
19334-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20656-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17793-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20566-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
20667-17084
7.5
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
19343-17084
CBL-Mariner Releases
20666-17086
No
Security Update
2.17.3-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20666-17086
CBL-Mariner Releases
CBL-Mariner Releases
20538-17086
No
Security Update
1.9.5-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20538-17086
CBL-Mariner Releases
CBL-Mariner Releases
19334-17084
No
Security Update
2.27.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19334-17084
CBL-Mariner Releases
CBL-Mariner Releases
20656-17084
No
Security Update
1.5.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20656-17084
CBL-Mariner Releases
CBL-Mariner Releases
20566-17084
No
Security Update
1.9.5-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20566-17084
CBL-Mariner Releases
CBL-Mariner Releases
20667-17084
No
Security Update
0.14.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20667-17084
CBL-Mariner Releases
CBL-Mariner Releases
19343-17084
No
Security Update
1.31.0-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19343-17084
CBL-Mariner Releases
1.0
2025-11-17T01:02:05
<p>Information published.</p>
2.0
2025-11-19T01:49:12
<p>Information published.</p>
3.0
2025-11-19T14:35:52
<p>Information published.</p>
4.0
2025-11-20T14:35:28
<p>Information published.</p>
5.0
2025-11-25T01:37:18
<p>Information published.</p>
KubeVirt Vulnerable to Arbitrary Host File Read and Write
Mariner
GitHub_M
Yes
CVE-2025-64324
Exposure of Sensitive Information to an Unauthorized Actor
20673-17084
20656-17084
20390-17086
20673-17084
20656-17084
20390-17086
Important
20673-17084
Important
20656-17084
Important
20390-17086
CBL-Mariner Releases
20673-17084
No
Security Update
1.5.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20673-17084
CBL-Mariner Releases
CBL-Mariner Releases
20390-17086
No
Security Update
0.59.0-31
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20390-17086
CBL-Mariner Releases
1.0
2025-11-20T01:01:32
<p>Information published.</p>
3.0
2025-12-07T01:36:59
<p>Information published.</p>
2.0
2025-11-22T14:36:00
<p>Information published.</p>
4.0
2025-12-17T14:35:11
<p>Information published.</p>
Grub2: missing unregister call for gettext command may lead to use-after-free
Mariner
redhat
Yes
CVE-2025-61662
Use After Free
20521-17086
20560-17084
20771-17086
20796-17084
20521-17086
20560-17084
20771-17086
20796-17084
Moderate
20521-17086
Moderate
20560-17084
Moderate
20771-17086
Moderate
20796-17084
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20521-17086
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20560-17084
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20771-17086
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20796-17084
CBL-Mariner Releases
20521-17086
20771-17086
No
Security Update
2.06-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20771-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
20796-17084
No
Security Update
2.06-26
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
20796-17084
CBL-Mariner Releases
1.0
2025-11-21T01:02:48
<p>Information published.</p>
3.0
2025-12-17T01:36:40
<p>Information published.</p>
4.0
2026-01-03T01:38:57
<p>Information published.</p>
5.0
2026-01-08T14:40:01
<p>Information published.</p>
2.0
2025-12-13T01:38:22
<p>Information published.</p>
Grub2: missing unregister call for normal commands may lead to use-after-free
Mariner
redhat
Yes
CVE-2025-61663
Expired Pointer Dereference
20521-17086
20560-17084
20771-17086
20796-17084
20521-17086
20560-17084
20771-17086
20796-17084
Moderate
20521-17086
Moderate
20560-17084
Moderate
20771-17086
Moderate
20796-17084
4.9
4.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U
20521-17086
4.9
4.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U
20560-17084
4.9
4.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U
20771-17086
4.9
4.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U
20796-17084
CBL-Mariner Releases
20521-17086
20771-17086
No
Security Update
2.06-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20771-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
20796-17084
No
Security Update
2.06-26
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
20796-17084
CBL-Mariner Releases
1.0
2025-11-21T01:02:56
<p>Information published.</p>
2.0
2025-12-13T01:38:28
<p>Information published.</p>
3.0
2025-12-17T01:36:53
<p>Information published.</p>
4.0
2026-01-03T01:39:02
<p>Information published.</p>
5.0
2026-01-08T14:40:24
<p>Information published.</p>
Grub2: grub2: out-of-bounds write via malicious usb device
Mariner
redhat
Yes
CVE-2025-61661
Incorrect Calculation of Buffer Size
20521-17086
20560-17084
20771-17086
20796-17084
20521-17086
20560-17084
20771-17086
20796-17084
Moderate
20521-17086
Moderate
20560-17084
Moderate
20771-17086
Moderate
20796-17084
4.8
4.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U
20521-17086
4.8
4.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U
20560-17084
4.8
4.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U
20771-17086
4.8
4.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U
20796-17084
CBL-Mariner Releases
20521-17086
20771-17086
No
Security Update
2.06-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20771-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
20796-17084
No
Security Update
2.06-26
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
20796-17084
CBL-Mariner Releases
1.0
2025-11-21T01:03:03
<p>Information published.</p>
3.0
2025-12-17T01:36:59
<p>Information published.</p>
4.0
2026-01-03T01:39:08
<p>Information published.</p>
5.0
2026-01-08T14:40:36
<p>Information published.</p>
2.0
2025-12-13T01:38:34
<p>Information published.</p>
Grub2: missing unregister call for normal_exit command may lead to use-after-free
Mariner
redhat
Yes
CVE-2025-61664
Expired Pointer Dereference
20521-17086
20560-17084
20796-17084
20521-17086
20560-17084
20796-17084
Moderate
20521-17086
Moderate
20560-17084
Moderate
20796-17084
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20521-17086
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20560-17084
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20796-17084
CBL-Mariner Releases
20521-17086
No
Security Update
2.06-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
20796-17084
No
Security Update
2.06-26
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
20796-17084
CBL-Mariner Releases
1.0
2025-11-21T01:03:11
<p>Information published.</p>
2.0
2025-12-13T01:38:41
<p>Information published.</p>
3.0
2025-12-17T01:36:47
<p>Information published.</p>
4.0
2026-01-08T14:40:13
<p>Information published.</p>
Grub2: use-after-free in grub_file_close()
Mariner
redhat
Yes
CVE-2025-54771
Expired Pointer Dereference
20521-17086
20560-17084
20521-17086
20560-17084
Moderate
20521-17086
Moderate
20560-17084
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20521-17086
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20560-17084
1.0
2025-11-21T01:03:19
<p>Information published.</p>
Grub2: use-after-free in net_set_vlan
Mariner
redhat
Yes
CVE-2025-54770
Expired Pointer Dereference
20521-17086
20560-17084
20521-17086
20560-17084
Moderate
20521-17086
Moderate
20560-17084
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20521-17086
4.9
4.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
20560-17084
1.0
2025-11-21T01:03:27
<p>Information published.</p>
Denial of service vulnerability in HAProxy mjson library
Mariner
canonical
Yes
CVE-2025-11230
Inefficient Algorithmic Complexity
17219-17086
19452-17084
20705-17086
20734-17084
17219-17086
19452-17084
20705-17086
20734-17084
Moderate
17219-17086
Moderate
19452-17084
Moderate
20705-17086
Moderate
20734-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
17219-17086
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
19452-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20705-17086
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
20734-17084
CBL-Mariner Releases
17219-17086
20705-17086
No
Security Update
2.4.24-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17219-17086
20705-17086
CBL-Mariner Releases
CBL-Mariner Releases
19452-17084
20734-17084
No
Security Update
2.9.11-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19452-17084
20734-17084
CBL-Mariner Releases
1.0
2025-11-21T01:03:35
<p>Information published.</p>
2.0
2025-11-22T14:36:09
<p>Information published.</p>
3.0
2025-11-25T01:39:17
<p>Information published.</p>
4.0
2025-12-06T14:40:11
<p>Information published.</p>
5.0
2025-12-07T01:37:57
<p>Information published.</p>
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Mariner
Chrome
Yes
CVE-2025-13230
Access of Resource Using Incompatible Type ('Type Confusion')
20367-17086
19904-17084
20686-17086
20733-17084
21111-17084
20894-17086
20866-17084
21130-17086
20367-17086
19904-17084
20686-17086
20733-17084
21111-17084
20894-17086
20866-17084
21130-17086
Important
20367-17086
Important
19904-17084
Important
20686-17086
Important
20733-17084
Important
21111-17084
Important
20894-17086
Important
20866-17084
Important
21130-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20367-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
19904-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20686-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20733-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
21111-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20894-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20866-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
21130-17086
1.0
2025-11-21T01:04:24
<p>Information published.</p>
2.0
2025-12-06T14:40:25
<p>Information published.</p>
3.0
2025-12-07T01:37:30
<p>Information published.</p>
4.0
2026-02-18T14:26:06
<p>Information published.</p>
5.0
2026-03-31T14:58:05
<p>Information published.</p>
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Mariner
Chrome
Yes
CVE-2025-13226
Access of Resource Using Incompatible Type ('Type Confusion')
20367-17086
19904-17084
20733-17084
21130-17086
21111-17084
20686-17086
20894-17086
20866-17084
20367-17086
19904-17084
20733-17084
21130-17086
21111-17084
20686-17086
20894-17086
20866-17084
Important
20367-17086
Important
19904-17084
Important
20733-17084
Important
21130-17086
Important
21111-17084
Important
20686-17086
Important
20894-17086
Important
20866-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20367-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
19904-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20733-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21130-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
21111-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20686-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
20894-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20866-17084
1.0
2025-11-21T01:04:32
<p>Information published.</p>
3.0
2025-12-07T01:37:44
<p>Information published.</p>
4.0
2026-02-18T14:26:43
<p>Information published.</p>
5.0
2026-03-31T14:58:43
<p>Information published.</p>
2.0
2025-12-06T14:40:30
<p>Information published.</p>
Libvirt: information disclosure via world-readable vm snapshots
Mariner
redhat
Yes
CVE-2025-13193
Incorrect Default Permissions
19891-17084
20728-17084
19891-17084
20728-17084
Moderate
19891-17084
Moderate
20728-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19891-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20728-17084
CBL-Mariner Releases
19891-17084
20728-17084
No
Security Update
10.0.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19891-17084
20728-17084
CBL-Mariner Releases
1.0
2025-11-21T01:04:38
<p>Information published.</p>
2.0
2025-11-25T01:39:28
<p>Information published.</p>
3.0
2025-12-07T01:38:09
<p>Information published.</p>
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Mariner
Chrome
Yes
CVE-2025-13227
Access of Resource Using Incompatible Type ('Type Confusion')
19904-17084
20733-17084
21111-17084
20866-17084
19904-17084
20733-17084
21111-17084
20866-17084
Important
19904-17084
Important
20733-17084
Important
21111-17084
Important
20866-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
19904-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20733-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
21111-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
20866-17084
1.0
2025-11-21T01:04:43
<p>Information published.</p>
2.0
2025-12-07T01:38:31
<p>Information published.</p>
4.0
2026-03-31T14:59:07
<p>Information published.</p>
3.0
2026-02-18T14:27:08
<p>Information published.</p>
ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
Mariner
Linux
Yes
CVE-2025-40211
20613-17084
20613-17084
Important
20613-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
20613-17084
CBL-Mariner Releases
20613-17084
No
Security Update
6.6.117.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20613-17084
CBL-Mariner Releases
1.0
2025-11-22T01:02:28
<p>Information published.</p>
2.0
2025-12-02T14:35:54
<p>Information published.</p>
Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"
Mariner
Linux
Yes
CVE-2025-40210
20613-17084
20613-17084
Moderate
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
1.0
2025-11-22T01:02:33
<p>Information published.</p>
2.0
2025-11-25T01:39:58
<p>Information published.</p>
Forward Secrecy Violation in WolfSSL TLS 1.3
Mariner
wolfSSL
Yes
CVE-2025-11935
Inadequate Encryption Strength
19283-17084
20085-17086
19283-17084
20085-17086
Moderate
19283-17084
Moderate
20085-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19283-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20085-17086
1.0
2025-11-25T01:01:45
<p>Information published.</p>
2.0
2025-12-02T01:39:52
<p>Information published.</p>
Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello
Mariner
wolfSSL
Yes
CVE-2025-11936
Improper Input Validation
19283-17084
20085-17086
19283-17084
20085-17086
Moderate
19283-17084
Moderate
20085-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19283-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20085-17086
1.0
2025-11-25T01:02:01
<p>Information published.</p>
3.0
2025-12-03T01:36:51
<p>Information published.</p>
2.0
2025-12-02T01:40:05
<p>Information published.</p>
TLS 1.2 Client Can Downgrade Digest Used
Mariner
wolfSSL
Yes
CVE-2025-12889
Improper Input Validation
19283-17084
20085-17086
19283-17084
20085-17086
Low
19283-17084
Low
20085-17086
1.0
2025-11-25T01:02:26
<p>Information published.</p>
2.0
2025-12-03T01:37:06
<p>Information published.</p>
DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension
Mariner
wolfSSL
Yes
CVE-2025-11933
Improper Input Validation
19283-17084
20085-17086
19283-17084
20085-17086
Low
19283-17084
Low
20085-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19283-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20085-17086
2.0
2025-12-11T01:39:29
<p>Information published.</p>
3.0
2025-12-16T01:35:19
<p>Information published.</p>
1.0
2025-11-25T01:02:34
<p>Information published.</p>
LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index
Mariner
GitHub_M
Yes
CVE-2025-64505
Out-of-bounds Read
20185-17086
18434-17086
19668-17086
20674-17084
19626-17084
16848-17084
17667-17084
18435-17086
20185-17086
18434-17086
19668-17086
20674-17084
19626-17084
16848-17084
17667-17084
18435-17086
Moderate
20185-17086
Moderate
18434-17086
Moderate
19668-17086
Moderate
20674-17084
Moderate
19626-17084
Moderate
16848-17084
Moderate
17667-17084
Moderate
18435-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
20185-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
18434-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19668-17086
6.1
5.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:P
20674-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19626-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
16848-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
17667-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
18435-17086
CBL-Mariner Releases
20674-17084
18435-17086
No
Security Update
1.6.51-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20674-17084
18435-17086
CBL-Mariner Releases
4.0
2025-12-03T01:38:21
<p>Information published.</p>
1.0
2025-11-26T01:01:55
<p>Information published.</p>
2.0
2025-11-27T01:04:40
<p>Information published.</p>
3.0
2025-12-02T01:40:16
<p>Information published.</p>
LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images
Mariner
GitHub_M
Yes
CVE-2025-64506
Out-of-bounds Read
20674-17084
17667-17084
18435-17086
19626-17084
20185-17086
19668-17086
20674-17084
17667-17084
18435-17086
19626-17084
20185-17086
19668-17086
Moderate
20674-17084
Moderate
17667-17084
Moderate
18435-17086
Moderate
19626-17084
Moderate
20185-17086
Moderate
19668-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
20674-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
17667-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
18435-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19626-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
20185-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19668-17086
CBL-Mariner Releases
20674-17084
18435-17086
No
Security Update
1.6.51-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20674-17084
18435-17086
CBL-Mariner Releases
2.0
2025-12-02T01:41:08
<p>Information published.</p>
3.0
2025-12-03T01:38:33
<p>Information published.</p>
1.0
2025-11-27T01:04:20
<p>Information published.</p>
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Mariner
mitre
Yes
CVE-2025-66382
Inefficient Algorithmic Complexity
20572-17084
20923-17086
20943-17086
20543-17086
20922-17084
20572-17084
20923-17086
20943-17086
20543-17086
20922-17084
Low
20572-17084
Low
20923-17086
Low
20943-17086
Low
20543-17086
Low
20922-17084
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20572-17084
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20923-17086
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20943-17086
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20543-17086
2.9
2.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
20922-17084
2.0
2025-12-02T01:41:38
<p>Information published.</p>
3.0
2025-12-21T01:01:17
<p>Information published.</p>
5.0
2026-02-21T03:59:21
<p>Information published.</p>
6.0
2026-03-03T14:46:22
<p>Information published.</p>
1.0
2025-11-29T01:01:32
<p>Information published.</p>
4.0
2025-12-23T01:36:29
<p>Information published.</p>
UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
Mariner
canonical
Yes
CVE-2025-2486
Active Debug Code
20377-17086
20577-17084
20378-17086
20691-17086
20727-17084
20779-17086
20780-17086
20602-17086
20615-17084
20793-17084
20377-17086
20577-17084
20378-17086
20691-17086
20727-17084
20779-17086
20780-17086
20602-17086
20615-17084
20793-17084
Low
20377-17086
Low
20577-17084
Low
20378-17086
Low
20691-17086
Low
20727-17084
Low
20779-17086
Low
20780-17086
20602-17086
20615-17084
Low
20793-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20377-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20577-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20378-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20691-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20727-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20779-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20780-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20602-17086
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20615-17084
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
20793-17084
1.0
2025-11-29T01:02:03
<p>Information published.</p>
3.0
2025-12-07T01:39:29
<p>Information published.</p>
4.0
2025-12-11T01:39:49
<p>Information published.</p>
5.0
2025-12-16T01:35:27
<p>Information published.</p>
6.0
2026-01-03T01:39:24
<p>Information published.</p>
7.0
2026-01-08T14:40:56
<p>Information published.</p>
8.0
2026-01-13T01:41:34
<p>Information published.</p>
2.0
2025-12-06T14:40:42
<p>Information published.</p>
CVE-2025-12969
Mariner
certcc
Yes
CVE-2025-12969
Missing Authentication for Critical Function
20526-17086
20735-17084
20573-17084
20526-17086
20735-17084
20573-17084
Moderate
20526-17086
Moderate
20735-17084
Moderate
20573-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
20526-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
20735-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
20573-17084
CBL-Mariner Releases
20526-17086
No
Security Update
3.0.6-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20526-17086
CBL-Mariner Releases
CBL-Mariner Releases
20735-17084
No
Security Update
3.1.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20735-17084
CBL-Mariner Releases
2.0
2025-12-01T14:38:02
<p>Information published.</p>
4.0
2025-12-07T01:39:03
<p>Information published.</p>
1.0
2025-11-29T01:02:20
<p>Information published.</p>
3.0
2025-12-04T14:35:35
<p>Information published.</p>
5.0
2025-12-17T14:35:34
<p>Information published.</p>
CVE-2025-12816
Mariner
certcc
Yes
CVE-2025-12816
Interpretation Conflict
20124-17086
19693-17084
20124-17086
19693-17084
Important
20124-17086
Important
19693-17084
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U
20124-17086
8.6
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U
19693-17084
CBL-Mariner Releases
20124-17086
No
Security Update
3.1.1-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20124-17086
CBL-Mariner Releases
1.0
2025-11-29T01:02:59
<p>Information published.</p>
2.0
2025-12-02T01:35:20
<p>Information published.</p>
3.0
2025-12-04T14:35:48
<p>Information published.</p>
node-forge ASN.1 Unbounded Recursion
Mariner
GitHub_M
Yes
CVE-2025-66031
Uncontrolled Recursion
19693-17084
20124-17086
19693-17084
20124-17086
Important
19693-17084
Important
20124-17086
CBL-Mariner Releases
20124-17086
No
Security Update
3.1.1-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20124-17086
CBL-Mariner Releases
2.0
2025-12-02T01:35:26
<p>Information published.</p>
3.0
2025-12-04T14:36:01
<p>Information published.</p>
1.0
2025-11-29T01:03:13
<p>Information published.</p>
Werkzeug safe_join() allows Windows special device names
Mariner
GitHub_M
Yes
CVE-2025-66221
Improper Handling of Windows Device Names
19693-17084
19712-17086
17667-17084
19693-17084
19712-17086
17667-17084
Moderate
19693-17084
Moderate
19712-17086
Moderate
17667-17084
1.0
2025-12-03T01:01:52
<p>Information published.</p>
2.0
2025-12-09T01:37:04
<p>Information published.</p>
Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
Mariner
@huntr_ai
Yes
CVE-2025-12638
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
20630-17084
20630-17084
Important
20630-17084
7.6
7.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P
20630-17084
1.0
2025-12-03T01:02:14
<p>Information published.</p>
2.0
2025-12-09T01:36:54
<p>Information published.</p>
Azure Application Gateway Elevation of Privilege Vulnerability
<p>Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Application Gateway
Microsoft
No
CVE-2025-64656
Out-of-bounds Read
11852
Elevation of Privilege
11852
Critical
11852
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.4
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11852
Stav Nir with Microsoft
1.0
2025-11-20T00:00:00
<p>Information published.</p>
Azure Monitor Agent Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.</p>
<p><strong>How can I tell if this issue affects me, and what steps should I take to stay protected?</strong></p>
<p>If you have Azure Monitor Agent extension version 1.37.0 or below you are affected. To protect your device, please upgrade to version 1.37.1 and above.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) and integrity (I:L), and major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This means for the vulnerability, while data exposure and tampering are possible, the most significant impact is on system availability—exploitation could crash processes or exhaust memory, disrupting log collection and monitoring services.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Azure Monitor Agent
Microsoft
Yes
CVE-2025-59504
Heap-based Buffer Overflow
11934
Remote Code Execution
11934
Important
11934
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
11934
Release Notes
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal
11934
Maybe
Security Update
v1.37.1
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-extension-versions
11934
Release Notes
P1hcn
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Smart Card Reader Elevation of Privilege Vulnerability
<p>Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Smart Card
Microsoft
Yes
CVE-2025-59505
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
DirectX Graphics Kernel Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DirectX
Microsoft
Yes
CVE-2025-59506
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/b2ahex">b2ahex</a>
cyanbamboo
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Speech Runtime Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p>
Windows Speech
Microsoft
Yes
CVE-2025-59507
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Speech Recognition Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Speech
Microsoft
Yes
CVE-2025-59508
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Speech Recognition Information Disclosure Vulnerability
<p>Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is internal memory pointers. These leaked addresses could help an attacker bypass security protection and facilitate further exploitation.</p>
Windows Speech
Microsoft
Yes
CVE-2025-59509
Insertion of Sensitive Information Into Sent Data
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
<p>Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-59510
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows WLAN Service Elevation of Privilege Vulnerability
<p>External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows WLAN Service
Microsoft
Yes
CVE-2025-59511
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
<a href="https://x.com/t0zhang">T0</a>
<a href="https://x.com/t0zhang">T0</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
<p>Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Customer Experience Improvement Program (CEIP)
Microsoft
Yes
CVE-2025-59512
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://x.com/t0zhang">T0</a>
<a href="https://x.com/t0zhang">T0</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), no loss of integrity (I:N), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this use after free vulnerability could view sensitive, previously freed memory heap information (Confidentiality) since the impacted component might be divulged to the attacker.</p>
<p>While the attacker cannot make changes to disclosed information (Integrity), they might be able to force a crash within the function (Availability).</p>
Windows Bluetooth RFCOM Protocol Driver
Microsoft
Yes
CVE-2025-59513
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
<a href="https://x.com/_twinklestar03">TwinkleStar03</a> with <a href="https://devco.re/">DEVCORE Internship Program</a>
<a href="https://x.com/_twinklestar03">TwinkleStar03</a> with <a href="https://devco.re/">DEVCORE Internship Program</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Remote Desktop Services Elevation of Privilege Vulnerability
<p>Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Remote Desktop
Microsoft
Yes
CVE-2025-60703
Untrusted Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a>
<a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Kerberos Elevation of Privilege Vulnerability
<p>Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>An unauthorized attacker must wait for a user to initiate a connection.</p>
Windows Kerberos
Microsoft
Yes
CVE-2025-60704
Missing Cryptographic Step
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
Dor Segal with Silverfort
Eliran Partush with Silverfort
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Client-Side Caching Elevation of Privilege Vulnerability
<p>Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
Windows Client-Side Caching (CSC) Service
Microsoft
Yes
CVE-2025-60705
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://x.com/t0zhang">T0</a>
<a href="https://x.com/t0zhang">T0</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Hyper-V Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Role: Windows Hyper-V
Microsoft
Yes
CVE-2025-60706
Out-of-bounds Read
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
10853
10816
10855
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11931
12097
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10853
10816
10855
5068864
pwnky
pwnky
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
<p>Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Multimedia Class Scheduler Service (MMCSS)
Microsoft
Yes
CVE-2025-60707
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
hazard
hazard
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Storvsp.sys Driver Denial of Service Vulnerability
<p>Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p>
Storvsp.sys Driver
Microsoft
Yes
CVE-2025-60708
Untrusted Pointer Dereference
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
10853
10816
10855
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11931
Denial of Service
12097
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11931
12097
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10853
10816
10855
5068864
Valter Wik with <a href="https://cparta.se/">Cparta Cyber Defense AB</a>
Valter Mann with <a href="https://cparta.se/">Cparta Cyber Defense AB</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2025-60709
Out-of-bounds Read
20437
20438
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
20437
Important
20438
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068861
https://support.microsoft.com/help/5068861
20437
20438
12437
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068966
https://support.microsoft.com/help/5068966
20437
20438
12437
12389
12390
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Zero Day Initiative</a>
<a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Zero Day Initiative</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Excel Information Disclosure Vulnerability
<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-60726
Out-of-bounds Read
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Information Disclosure
10836
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11951
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
12440
Information Disclosure
10739
Information Disclosure
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
10836
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11573
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11574
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11762
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11763
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11951
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11952
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11953
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
12420
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
12421
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
12440
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
10739
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
10740
5002801
https://www.microsoft.com/en-us/download/details.aspx?id=108443
5002797
10836
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002801
10836
5002801
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
5002810
https://www.microsoft.com/en-us/download/details.aspx?id=108439
5002757
10739
10740
Maybe
Security Update
16.0.5526.1003
https://support.microsoft.com/help/5002810
10739
10740
5002810
<a href="https://x.com/dnpushme">@dnpushme & Zhiniang Peng with HUST</a> & @sat0rn3
1.0
2025-11-11T00:00:00
<p>Information published.</p>
2.0
2025-11-11T00:00:00
<p>Affected software updated with new package information.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-60727
Out-of-bounds Read
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002801
https://www.microsoft.com/en-us/download/details.aspx?id=108443
5002797
10836
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002801
10836
5002801
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
5002810
https://www.microsoft.com/en-us/download/details.aspx?id=108439
5002757
10739
10740
Maybe
Security Update
16.0.5526.1003
https://support.microsoft.com/help/5002810
10739
10740
5002810
<a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab & devoke & Zhiniang Peng</a> with HUST
1.0
2025-11-11T00:00:00
<p>Information published.</p>
2.0
2025-11-11T00:00:00
<p>Affected software updated with new package information.</p>
Microsoft Excel Information Disclosure Vulnerability
<p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-60728
Untrusted Pointer Dereference
Out-of-bounds Read
11762
11763
12420
12421
12440
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
12440
Important
11762
Important
11763
Important
12420
Important
12421
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11762
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11763
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
12420
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
12421
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
12440
Click to Run
11762
11763
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
12440
Release Notes
<a href="https://www.linkedin.com/in/boolgombear/">boolgombear</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-62199
Use After Free
10753
10754
11953
11952
12420
12421
12155
11762
11763
11951
12440
Remote Code Execution
10753
Remote Code Execution
10754
Remote Code Execution
11953
Remote Code Execution
11952
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12155
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
12440
Critical
10753
Critical
10754
Critical
11953
Critical
11952
Critical
12420
Critical
12421
Critical
12155
Critical
11762
Critical
11763
Critical
11951
Critical
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
5002809
https://www.microsoft.com/en-us/download/details.aspx?id=108440
5002792
10753
10754
Maybe
Security Update
16.0.5526.1000
https://support.microsoft.com/help/5002809
10753
10754
5002809
Click to Run
11953
11952
12420
12421
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11953
11952
12420
12421
11762
11763
Click to Run
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.19426.20044
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Li Shuang, willJ and Guang Gong with Vulnerability Research Institute
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker, and navigate to a malicious site where malicious code would execute a series of specially crafted queries.</p>
Microsoft Dynamics 365 (on-premises)
Microsoft
Yes
CVE-2025-62206
Exposure of Sensitive Information to an Unauthorized Actor
11921
Information Disclosure
11921
Important
11921
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11921
5067331
https://www.microsoft.com/en-us/download/details.aspx?id=108455
11921
Maybe
Security Update
9.1.41.07
https://support.microsoft.com/help/5067331
11921
5067331
Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Dynamics 365 Field Service (online) Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.</p>
<p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p>
<p>Customers running Dynamics 365 Field Service (online) need to go to the Power Platform admin center and apply the updates. See <a href="https://learn.microsoft.com/en-us/dynamics365/field-service/update-field-service">Update apps and solutions</a> for more information about updating your Field Service app.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious link and convince the user to open it.</p>
Dynamics 365 Field Service (online)
Microsoft
Yes
CVE-2025-62210
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
20588
Spoofing
20588
Important
20588
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.7
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
20588
Release Notes
20588
Maybe
Security Update
8.8.139.398
https://learn.microsoft.com/en-us/dynamics365/field-service/version-history#88139398
20588
Release Notes
<a href="https://x.com/nmdhkr">Brad Schlintz (nmdhkr)</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-62216
Use After Free
11762
11763
11952
11953
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2025-60719
Untrusted Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft OneDrive for Android Elevation of Privilege Vulnerability
<p>Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could an attacker gain with successful exploitation?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.</p>
<p>This could lead to further system compromise and unauthorized actions within the network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the Availability of the system.</p>
OneDrive for Android
Microsoft
Yes
CVE-2025-60722
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
11726
Elevation of Privilege
11726
Important
11726
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11726
App Store
https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US&gl=US
11726
Maybe
Security Update
7.42
https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US&gl=US
11726
App Store
<a href="https://www.linkedin.com/in/thongvv3">Vo Van Thong</a> with <a href="https://vnggames.com/">VNGGames</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2025-62217
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Microsoft Wireless Provisioning System
Microsoft
Yes
CVE-2025-62218
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11929
11930
11931
12097
12098
12099
20437
20438
12242
12243
12389
12390
10852
10853
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
10852
Elevation of Privilege
10853
Important
11568
Important
11569
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
20437
Important
20438
Important
12242
Important
12243
Important
12389
Important
12390
Important
10852
Important
10853
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
5068791
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068861
https://support.microsoft.com/help/5068861
20437
20438
12389
12390
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068966
https://support.microsoft.com/help/5068966
20437
20438
12389
12390
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12389
12390
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12389
12390
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12389
12390
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12389
12390
5068966
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
5068864
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
<p>Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Microsoft Wireless Provisioning System
Microsoft
Yes
CVE-2025-62219
Double Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11929
11930
11931
12097
12098
12099
20437
20438
12242
12243
12389
12390
10852
10853
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
10852
Elevation of Privilege
10853
Important
11568
Important
11569
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
20437
Important
20438
Important
12242
Important
12243
Important
12389
Important
12390
Important
10852
Important
10853
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
5068791
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068861
https://support.microsoft.com/help/5068861
20437
20438
12389
12390
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068966
https://support.microsoft.com/help/5068966
20437
20438
12389
12390
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12389
12390
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12389
12390
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12389
12390
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12389
12390
5068966
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
5068864
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.</p>
<p><strong>Where do I find installation steps for WSL and WSLg?</strong></p>
<p>If you have an existing WSL installation without WSLg and want to update to the latest version of WSL which includes WSLg, run the command <code>wsl --update </code> from an elevated command prompt.</p>
<p>To learn more visit the <a href="https://github.com/microsoft/wslg?tab=readme-ov-file#install-instructions-fresh-install---no-prior-wsl-installation">GitHub Repo</a>.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). How could an attacker exploit this vulnerability?</strong></p>
<p>A vulnerability in the Remote Desktop client can lead to remote code execution in the Windows host process (msrdc.exe). While the typical scenario involves local communication between a Windows host and a Linux VM, the attack vector is Network (AV:N) because it relies on a network protocol.</p>
<p>Although user interaction is required, the risk extends beyond local use: the client supports loading plugins via the /plugin option, and the protocol is open source. This means a crafted attack could potentially be delivered remotely if an attacker can interact with the protocol.</p>
Windows Subsystem for Linux GUI
Microsoft
Yes
CVE-2025-62220
Heap-based Buffer Overflow
20594
Remote Code Execution
20594
Important
20594
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20594
Release Notes 2.6.2 Microsoft WSL
https://github.com/microsoft/wslg
20594
No
Security Update
2.6.2
https://github.com/microsoft/WSL/releases/tag/2.6.2
20594
Release Notes 2.6.2 Microsoft WSL
<a href="https://twitter.com/mas0nshi">YingQi Shi (@Mas0n)</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
1.1
2025-11-13T00:00:00
<p>Corrected one or more links in the FAQ. This is an informational change only.</p>
Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.66 | 11/10/2025 | 142.0.7444.135 |</p>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-12729
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.66
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-10T00:00:30
<p>Information published.</p>
Chromium: CVE-2025-12726 Inappropriate implementation in Views.
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.65 | 11/6/2025 | 142.0.7444.134/.135 |</p>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-12726
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.65
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-06T11:20:27
<p>Information published.</p>
Chromium: CVE-2025-12727 Inappropriate implementation in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.66 | 11/10/2025 | 142.0.7444.135 |</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems.</p>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.65 | 11/6/2025 | 142.0.7444.134/.135 |</p>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-12727
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.65
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
11655
No
Security Update
142.0.3595.66
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-06T11:20:28
<p>Information published.</p>
2.0
2025-11-10T00:00:00
<p>Affected software updated with new package information.</p>
2.1
2025-11-10T00:00:00
<p>Added FAQ information. This is an informational change only.</p>
Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.66 | 11/10/2025 | 142.0.7444.135 |</p>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-12728
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.66
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-10T00:00:29
<p>Information published.</p>
Chromium: CVE-2025-12725 Out of bounds write in WebGPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.66 | 11/10/2025 | 142.0.7444.135 |</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems.</p>
<p><strong>What is the version information for this release?</strong>
| Microsoft Edge Version | Date Released | Based on Chromium Version |
| ----- | ----- | ----- |
| 142.0.3595.65 | 11/6/2025 | 142.0.7444.134/.135 |</p>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-12725
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.65
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
11655
No
Security Update
142.0.3595.66
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-06T11:20:24
<p>Information published.</p>
2.0
2025-11-10T00:00:00
<p>Affected software updated with new package information.</p>
2.1
2025-11-10T00:00:00
<p>Added FAQ information. This is an informational change only.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-62452
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Chromium: CVE-2025-13042 Inappropriate implementation in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>142.0.3595.80</td>
<td>11/13/2025</td>
<td>142.0.7444.162/.163</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-13042
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.80
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-13T11:38:27
<p>Information published.</p>
Chromium: CVE-2025-13224 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>142.0.3595.90</td>
<td>11/18/2025</td>
<td>142.0.7444.176</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-13224
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.90
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-18T08:57:58
<p>Information published.</p>
Chromium: CVE-2025-13223 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>142.0.3595.90</td>
<td>11/18/2025</td>
<td>142.0.7444.176</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-13223
11655
11655
11655
Release Notes
11655
No
Security Update
142.0.3595.90
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-11-18T08:57:54
<p>Information published.</p>
Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
<p>Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Dynamics OmniChannel SDK Storage Containers
Microsoft
No
CVE-2025-64655
Improper Authorization
20670
Elevation of Privilege
20670
Critical
20670
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20670
<a href="https://www.linkedin.com/in/vaishabernard/">Vaisha Bernard</a> with <a href="https://eye.security/">Eye Security</a>
1.0
2025-11-20T00:00:00
<p>Information published.</p>
Microsoft SharePoint Online Elevation of Privilege Vulnerability
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Office SharePoint
Microsoft
No
CVE-2025-59245
Deserialization of Untrusted Data
20446
Remote Code Execution
20446
Critical
20446
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20446
cjm00n & Zhiniang Peng with HUST
IuHrm & cjm00n & Zhiniang Peng with HUST
1.0
2025-11-20T00:00:00
<p>Information published.</p>
Azure Bastion Elevation of Privilege Vulnerability
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Software for Open Networking in the Cloud (SONiC)
Microsoft
No
CVE-2025-49752
Authentication Bypass by Capture-replay
16816
Elevation of Privilege
16816
Critical
16816
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C
16816
Microsoft
1.2
2025-11-21T00:00:00
<p>Updated acknowledgment.</p>
1.0
2025-11-20T00:00:00
<p>Information published.</p>
1.1
2025-11-20T00:00:00
<p>Corrected security updates table. This is an informational change only.</p>
Azure Monitor Elevation of Privilege Vulnerability
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Monitor
Microsoft
No
CVE-2025-62207
Server-Side Request Forgery (SSRF)
20611
Elevation of Privilege
20611
Critical
20611
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.6
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
20611
Sriharsha Pallekonda with Microsoft
Harsh Vardhan with Microsoft
1.0
2025-11-20T00:00:00
<p>Information published.</p>
Microsoft Excel Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-59240
Exposure of Sensitive Information to an Unauthorized Actor
11953
11952
12420
12421
11573
11574
11762
11763
10739
10740
Information Disclosure
11953
Information Disclosure
11952
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
10739
Information Disclosure
10740
Important
11953
Important
11952
Important
12420
Important
12421
Important
11573
Important
11574
Important
11762
Important
11763
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11953
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11952
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12420
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12421
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11573
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11574
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11762
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11763
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10739
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10740
Click to Run
11953
11952
12420
12421
11573
11574
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11953
11952
12420
12421
11573
11574
11762
11763
Click to Run
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
Felix B.
Felix B.
Felix B.
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Configuration Manager Elevation of Privilege Vulnerability
<p>Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker with access to any user account assigned the built-in CMPivot Administrator security role could exploit this vulnerability by escalating privileges. Specifically, they could assign themselves—or another account—the Full Administrator role (or any other elevated role), or modify existing role permissions. This would allow them to bypass intended security boundaries and gain unrestricted access across the hierarchy.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An authorized attacker who successfully exploited this vulnerability could gain configuration manager administrator privileges.</p>
Microsoft Configuration Manager
Microsoft
Yes
CVE-2025-47179
Improper Access Control
12402
16788
20545
Elevation of Privilege
12402
Elevation of Privilege
16788
Elevation of Privilege
20545
Important
12402
Important
16788
Important
20545
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12402
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16788
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20545
Release Notes
https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093
12402
No
Security Update
5.00.9128.1037
https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093
12402
Release Notes
Release Notes
https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32851084
16788
No
Security Update
5.0.9135.1013
https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32851084
16788
Release Notes
Release Notes
https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093
20545
No
Security Update
5.00.9132.1031
https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093
20545
Release Notes
<a href="https://x.com/_mayyhem">Chris Thompson</a> with <a href="https://specterops.io/">SpecterOps</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
<p>Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Streaming Service
Microsoft
Yes
CVE-2025-59514
Improper Privilege Management
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://x.com/t0zhang">T0</a>
<a href="https://x.com/t0zhang">T0</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
<p>Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows Broadcast DVR User Service
Microsoft
Yes
CVE-2025-59515
Use After Free
11568
11569
11571
11572
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a>
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a>
Hwiwon Lee (hwiwonl), SEC-agent team
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
<p>Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-60713
Untrusted Pointer Dereference
11571
11572
11923
11924
12437
12244
12436
10816
10855
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
12437
Elevation of Privilege
12244
Elevation of Privilege
12436
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
12436
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10816
10855
5068864
<a href="https://twitter.com/ezrak1e">Ezrak1e</a>
<a href="https://twitter.com/ezrak1e">Ezrak1e</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows OLE Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Windows OLE
Microsoft
Yes
CVE-2025-60714
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12242
12243
12244
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a>
<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-60715
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
Sruthy TV
Manish Kumawat
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
DirectX Graphics Kernel Elevation of Privilege Vulnerability
<p>Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DirectX
Microsoft
Yes
CVE-2025-60716
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
cyanbamboo and b2ahex
cyanbamboo and b2ahex
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
<p>Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Broadcast DVR User Service
Microsoft
Yes
CVE-2025-60717
Use After Free
11568
11569
11571
11572
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
Anonymous
<a href="https://linkedin.com/in/hwiwonlee">Hwiwon Lee (hwiwonl), SEC-agent team</a>
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Administrator Protection Elevation of Privilege Vulnerability
<p>Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>With successful exploitation of this vulnerability, an attacker could gain elevated privileges equivalent to a system managed administrator, allowing them to execute arbitrary code with high integrity and bypass administrator protections.</p>
Windows Administrator Protection
Microsoft
Yes
CVE-2025-60718
Untrusted Search Path
12389
12390
20437
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
20437
Elevation of Privilege
20438
Important
12389
Important
12390
Important
20437
Important
20438
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12389
12390
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12389
12390
5068861
5068861
https://support.microsoft.com/help/5068861
12389
12390
20437
20438
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12389
12390
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12389
12390
5068966
5068966
https://support.microsoft.com/help/5068966
12389
12390
20437
20438
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
James Forshaw with Google Project Zero
James Forshaw with Google Project Zero
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
<p>Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows TDX.sys
Microsoft
Yes
CVE-2025-60720
Buffer Over-read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
haowei yan(jingdong dawnslab)
haowei yan(jingdong dawnslab)
1.0
2025-11-11T00:00:00
<p>Information published.</p>
DirectX Graphics Kernel Denial of Service Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows DirectX
Microsoft
Yes
CVE-2025-60723
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.3
5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
cyanbamboo and b2ahex
1.0
2025-11-11T00:00:00
<p>Information published.</p>
GDI+ Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted metafile. In the worst-case scenario, an attacker could trigger this vulnerability on web services by uploading documents containing a specially crafted metafile (AV:N) without user interaction. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.</p>
<p><strong>According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability?</strong></p>
<p>An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation of this vulnerability could cause Remote Code Execution or Information Disclosure on web services that are parsing documents that contain a specially crafted metafile, without the involvement of a victim user.</p>
Microsoft Graphics Component
Microsoft
Yes
CVE-2025-60724
Heap-based Buffer Overflow
11951
12155
12440
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11951
Remote Code Execution
12155
Remote Code Execution
12440
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11951
Important
12155
Important
12440
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.19426.20044
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://www.linkedin.com/in/4n0nym4u5">4n0nym4u5</a> with <a href="https://www.zscaler.com/">Zscaler</a>
<a href="https://www.linkedin.com/in/4n0nym4u5">4n0nym4u5</a> with <a href="https://www.zscaler.com/">Zscaler</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-62200
Untrusted Pointer Dereference
10836
11573
11574
11762
11763
11952
11953
12420
12421
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002801
https://www.microsoft.com/en-us/download/details.aspx?id=108443
5002797
10836
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002801
10836
5002801
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
<a href="https://www.linkedin.com/in/boolgombear/">boolgombear</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-62201
Heap-based Buffer Overflow
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002801
https://www.microsoft.com/en-us/download/details.aspx?id=108443
5002797
10836
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002801
10836
5002801
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
<a href="https://www.linkedin.com/in/boolgombear/">boolgombear</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Excel Information Disclosure Vulnerability
<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-62202
Out-of-bounds Read
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Information Disclosure
10836
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11951
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
12440
Information Disclosure
10739
Information Disclosure
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
10836
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11573
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11574
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11762
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11763
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11951
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11952
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
11953
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
12420
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
12421
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
12440
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
10739
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
10740
5002801
https://www.microsoft.com/en-us/download/details.aspx?id=108443
5002797
10836
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002801
10836
5002801
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
5002810
https://www.microsoft.com/en-us/download/details.aspx?id=108439
5002757
10739
10740
Maybe
Security Update
16.0.5526.1003
https://support.microsoft.com/help/5002810
10739
10740
5002810
<a href="https://www.linkedin.com/in/boolgombear/">boolgombear</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-62203
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002801
https://www.microsoft.com/en-us/download/details.aspx?id=108443
5002797
10836
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002801
10836
5002801
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.103.25110922
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002811
https://www.microsoft.com/en-us/download/details.aspx?id=108438
5002794
10739
10740
Maybe
Security Update
16.0.5526.1002
https://support.microsoft.com/help/5002811
10739
10740
5002811
<a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity
1.0
2025-11-11T00:00:00
<p>Information published.</p>
2.0
2025-11-11T00:00:00
<p>Affected software updated with new package information.</p>
Microsoft SharePoint Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-62204
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002805
https://www.microsoft.com/en-us/download/details.aspx?id=108441
5002788
10950
Maybe
Security Update
16.0.5526.1001
https://support.microsoft.com/help/5002805
10950
5002805
5002805
https://support.microsoft.com/help/5002805
10950
5002803
https://www.microsoft.com/en-us/download/details.aspx?id=108442
5002796
11585
Maybe
Security Update
16.0.10417.20068
https://support.microsoft.com/help/5002803
11585
5002803
5002803
https://support.microsoft.com/help/5002803
11585
5002800
https://www.microsoft.com/en-us/download/details.aspx?id=108444
5002786
11961
Maybe
Security Update
16.0.19127.20338
https://support.microsoft.com/help/5002800
11961
5002800
5002800
https://support.microsoft.com/help/5002800
11961
41ae55e9310ff27fa6f26af4727e5590
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2025-62205
Use After Free
11762
11763
11952
11953
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows License Manager Information Disclosure Vulnerability
<p>Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>
Windows License Manager
Microsoft
Yes
CVE-2025-62208
Insertion of Sensitive Information into Log File
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5066586
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586
5065428
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7919
https://support.microsoft.com/help/5066586
11568
11569
11571
11572
5066586
5066782
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782
5065432
11923
11924
Yes
Security Update
10.0.20348.4294
https://support.microsoft.com/help/5066782
11923
11924
5066782
5066791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791
5065429
11929
11930
11931
Yes
Security Update
10.0.19044.6456
https://support.microsoft.com/help/5066791
11929
11930
11931
5066791
5066791
https://support.microsoft.com/help/5066791
11929
11930
11931
12097
12098
12099
5066793
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793
5065431
12085
12086
Yes
Security Update
10.0.22621.6060
https://support.microsoft.com/help/5066793
12085
12086
5066793
5066791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791
5065429
12097
12098
12099
Yes
Security Update
10.0.19045.6456
https://support.microsoft.com/help/5066791
12097
12098
12099
5066791
5066835
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
5065426
12437
12389
12390
12436
Yes
Security Update
10.0.26100.6899
https://support.microsoft.com/help/5066835
12437
12389
12390
12436
5066835
5066835
https://support.microsoft.com/help/5066835
12437
20437
20438
12389
12390
12436
5066835
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
20437
20438
Yes
Security Update
10.0.26200.6899
https://support.microsoft.com/help/5066835
20437
20438
5066835
5066793
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793
5065431
12242
12243
Yes
Security Update
10.0.22631.6060
https://support.microsoft.com/help/5066793
12242
12243
5066793
5066780
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780
5065425
12244
Yes
Security Update
10.0.25398.1913
https://support.microsoft.com/help/5066780
12244
5066780
5066837
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837
5065430
10729
10735
Yes
Security Update
10.0.10240.21161
https://support.microsoft.com/help/5066837
10729
10735
5066837
5066836
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836
5065427
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8519
https://support.microsoft.com/help/5066836
10852
10853
10816
10855
5066836
<a href="https://x.com/M4x_1997">Aobo Wang</a>
Pwnforr777
<a href="https://x.com/M4x_1997">Aobo Wang</a>
1.1
2025-11-18T00:00:00
<p>Updated the build numbers. This is an informational update only.</p>
1.0
2025-11-11T00:00:00
<p>Information published. This CVE was addressed by updates that were released in October 2025, but the CVE was inadvertently omitted from the October 2025 Security Updates. This is an informational change only. Customers who have already installed the October 2025 updates do not need to take any further action.</p>
Windows License Manager Information Disclosure Vulnerability
<p>Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>
Windows License Manager
Microsoft
Yes
CVE-2025-62209
Insertion of Sensitive Information into Log File
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5066586
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586
5065428
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7919
https://support.microsoft.com/help/5066586
11568
11569
11571
11572
5066586
5066782
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782
5065432
11923
11924
Yes
Security Update
10.0.20348.4294
https://support.microsoft.com/help/5066782
11923
11924
5066782
5066791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791
5065429
11929
11930
11931
Yes
Security Update
10.0.19044.6456
https://support.microsoft.com/help/5066791
11929
11930
11931
5066791
5066791
https://support.microsoft.com/help/5066791
11929
11930
11931
12097
12098
12099
5066793
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793
5065431
12085
12086
Yes
Security Update
10.0.22621.6060
https://support.microsoft.com/help/5066793
12085
12086
5066793
5066791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791
5065429
12097
12098
12099
Yes
Security Update
10.0.19045.6456
https://support.microsoft.com/help/5066791
12097
12098
12099
5066791
5066835
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
5065426
12437
12389
12390
12436
Yes
Security Update
10.0.26100.6899
https://support.microsoft.com/help/5066835
12437
12389
12390
12436
5066835
5066835
https://support.microsoft.com/help/5066835
12437
20437
20438
12389
12390
12436
5066835
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
20437
20438
Yes
Security Update
10.0.26200.6899
https://support.microsoft.com/help/5066835
20437
20438
5066835
5066793
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793
5065431
12242
12243
Yes
Security Update
10.0.22631.6060
https://support.microsoft.com/help/5066793
12242
12243
5066793
5066780
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780
5065425
12244
Yes
Security Update
10.0.25398.1913
https://support.microsoft.com/help/5066780
12244
5066780
5066837
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837
5065430
10729
10735
Yes
Security Update
10.0.10240.21161
https://support.microsoft.com/help/5066837
10729
10735
5066837
5066836
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836
5065427
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8519
https://support.microsoft.com/help/5066836
10852
10853
10816
10855
5066836
<a href="https://x.com/M4x_1997">Aobo Wang</a>
1.1
2025-11-18T00:00:00
<p>Updated the build numbers. This is an informational update only.</p>
1.0
2025-11-11T00:00:00
<p>Information published. This CVE was addressed by updates that were released in October 2025, but the CVE was inadvertently omitted from the October 2025 Security Updates. This is an informational change only. Customers who have already installed the October 2025 updates do not need to take any further action.</p>
Microsoft SQL Server Elevation of Privilege Vulnerability
<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could inject arbitrary T-SQL commands by crafting a malicious database name.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain the privileges of the process running the query. For example, if the process running the query containing a SQL injection is sysadmin, the attacker would gain sysadmin privileges.</p>
<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>
<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>
<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>
<ul>
<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>
<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>
</ul>
<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>
<table>
<thead>
<tr>
<th>Update Number</th>
<th>Title</th>
<th>Version</th>
<th>Apply if current product version is…</th>
<th>This security update also includes servicing releases up through…</th>
</tr>
</thead>
<tbody>
<tr>
<td>5068406</td>
<td>Security update for SQL Server 2022 CU21+GDR</td>
<td>16.0.4222.2</td>
<td>16.0.4003.1 - 16.0.4215.2</td>
<td>KB 5065865 - SQL2022 RTM CU21</td>
</tr>
<tr>
<td>5068407</td>
<td>Security update for SQL Server 2022 RTM+GDR</td>
<td>16.0.1160.1</td>
<td>16.0.1000.6 - 16.0.1150.1</td>
<td>KB 5065221 - Previous SQL2022 RTM GDR</td>
</tr>
<tr>
<td>5068404</td>
<td>Security update for SQL Server 2019 CU32+GDR</td>
<td>15.0.4455.2</td>
<td>15.0.4003.23 - 15.0.4445.1</td>
<td>KB 5065222 - Previous SQL2019 RTM CU32 GDR</td>
</tr>
<tr>
<td>5068405</td>
<td>Security update for SQL Server 2019 RTM+GDR</td>
<td>15.0.2155.2</td>
<td>15.0.2000.5 - 15.0.2145.1</td>
<td>KB 5065223 - Previous SQL2019 RTM GDR</td>
</tr>
<tr>
<td>5068402</td>
<td>Security update for SQL Server 2017 CU31+GDR</td>
<td>14.0.3515.1</td>
<td>14.0.3006.16 - 14.0.3505.1</td>
<td>KB 5065225 - Previous SQL2017 RTM CU31 GDR</td>
</tr>
<tr>
<td>5068403</td>
<td>Security update for SQL Server 2017 RTM+GDR</td>
<td>14.0.2095.1</td>
<td>14.0.1000.169 - 14.0.2085.1</td>
<td>KB 5065224 - Previous SQL2017 RTM GDR</td>
</tr>
<tr>
<td>5068400</td>
<td>Security update for SQL 2016 Azure Connect Feature Pack+GDR</td>
<td>13.0.7070.1</td>
<td>13.0.7000.253 - 13.0.7065.1</td>
<td>KB 5065227 - Previous SQL2016 Azure Connect Feature Pack GDR</td>
</tr>
<tr>
<td>5068401</td>
<td>Security update for SQL Server 2016 SP3 RTM+GDR</td>
<td>13.0.6475.1</td>
<td>13.0.6300.2 - 13.0.6470.1</td>
<td>KB 5065226 - Previous SQL2016 RTM GDR</td>
</tr>
</tbody>
</table>
<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>
<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>
<ul>
<li>GDR updates – cumulatively only contain security updates for the given baseline.</li>
<li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li>
</ul>
<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>
<ul>
<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>
<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>
<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>
</ul>
<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>
<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>
<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>
SQL Server
Microsoft
Yes
CVE-2025-59499
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
11478
11821
12048
12053
12145
12147
16785
20469
Elevation of Privilege
11478
Elevation of Privilege
11821
Elevation of Privilege
12048
Elevation of Privilege
12053
Elevation of Privilege
12145
Elevation of Privilege
12147
Elevation of Privilege
16785
Elevation of Privilege
20469
Important
11478
Important
11821
Important
12048
Important
12053
Important
12145
Important
12147
Important
16785
Important
20469
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11478
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11821
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12048
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12053
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12145
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12147
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16785
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20469
5068403
https://www.microsoft.com/download/details.aspx?id=108449
11478
Maybe
Security Update
14.0.2095.1
https://support.microsoft.com/help/5068403
11478
5068403
5068405
https://www.microsoft.com/download/details.aspx?id=108452
11821
Maybe
Security Update
15.0.2155.2
https://support.microsoft.com/help/5068405
11821
5068405
5068401
https://www.microsoft.com/download/details.aspx?id=108447
12048
Maybe
Security Update
13.0.6475.1
https://support.microsoft.com/help/5068401
12048
5068401
5068400
https://www.microsoft.com/download/details.aspx?id=108448
12053
Maybe
Security Update
13.0.7070.1
https://support.microsoft.com/help/5068400
12053
5068400
5068402
https://www.microsoft.com/download/details.aspx?id=108446
12145
Maybe
Security Update
14.0.3515.1
https://support.microsoft.com/help/5068402
12145
5068402
5068407
https://www.microsoft.com/download/details.aspx?id=108453
12147
Maybe
Security Update
16.0.1160.1
https://support.microsoft.com/help/5068407
12147
5068407
5068404
https://www.microsoft.com/download/details.aspx?id=108451
16785
Maybe
Security Update
15.0.4455.2
https://support.microsoft.com/help/5068404
16785
5068404
5068406
https://www.microsoft.com/download/details.aspx?id=108450
20469
Maybe
Security Update
16.0.4222.2
https://support.microsoft.com/help/5068406
20469
5068406
<a href="https://www.linkedin.com/in/fabianoamorim/">Fabiano Amorim</a> with <a href="https://pythian.com/">Pythian</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Dynamics 365 Field Service (online) Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious link and convince the user to open it.</p>
<p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p>
<p>Customers running Dynamics 365 Field Service (online) need to go to the Power Platform admin center and apply the updates. See <a href="https://learn.microsoft.com/en-us/dynamics365/field-service/update-field-service">Update apps and solutions</a> for more information about updating your Field Service app.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p>
Dynamics 365 Field Service (online)
Microsoft
Yes
CVE-2025-62211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
20588
Spoofing
20588
Important
20588
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.7
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
20588
Release Notes
20588
Maybe
Security Update
8.8.139.398
https://learn.microsoft.com/en-us/dynamics365/field-service/version-history#88139398
20588
Release Notes
<a href="https://x.com/nmdhkr">Brad Schlintz (nmdhkr)</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Visual Studio Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p>
<p>Exploitation is not trivial for this vulnerability as it requires multiple steps: prompt injection, Copilot Agent interaction, and triggering a build.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Visual Studio
Microsoft
Yes
CVE-2025-62214
Improper Neutralization of Special Elements used in a Command ('Command Injection')
16767
Remote Code Execution
16767
Critical
16767
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16767
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14
16767
Maybe
Security Update
17.14.17
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
16767
Release Notes
<a href="https://www.linkedin.com/in/tarek-nakkouch/">Nakkouch Tarek</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel
Microsoft
Yes
CVE-2025-62215
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
20437
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
20438
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.0
6.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC)
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2025-62213
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5068791
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791
5066586
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8027
https://support.microsoft.com/help/5068791
11568
11569
11571
11572
5068791
5068787
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787
5066782
11923
11924
Yes
Security Update
10.0.20348.4405
https://support.microsoft.com/help/5068787
11923
11924
5068787
5068787
https://support.microsoft.com/help/5068787
11923
11924
5068840
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840
11923
11924
Yes
Security Hotpatch Update
10.0.20348.4346
https://support.microsoft.com/help/5068840
11923
11924
5068840
5068840
https://support.microsoft.com/help/5068840
11923
11924
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
11929
11930
11931
Yes
Security Update
10.0.19044.6575
https://support.microsoft.com/help/5068781
11929
11930
11931
5068781
5068781
https://support.microsoft.com/help/5068781
11929
11930
11931
12097
12098
12099
5068781
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781
5066791
12097
12098
12099
Yes
Security Update
10.0.19045.6575
https://support.microsoft.com/help/5068781
12097
12098
12099
5068781
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12437
12389
12390
12436
5068861
5068861
https://support.microsoft.com/help/5068861
12437
20437
20438
12389
12390
12436
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12437
12389
12390
12436
5068966
5068966
https://support.microsoft.com/help/5068966
12437
20437
20438
12389
12390
12436
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20437
20438
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20437
20438
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20437
20438
5068966
5068865
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865
5066793
12242
12243
Yes
Security Update
10.0.22631.6199
https://support.microsoft.com/help/5068865
12242
12243
5068865
5068779
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779
5066780
12244
Yes
Security Update
10.0.25398.1965
https://support.microsoft.com/help/5068779
12244
5068779
5068779
https://support.microsoft.com/help/5068779
12244
5068864
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864
5066836
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8594
https://support.microsoft.com/help/5068864
10852
10853
10816
10855
5068864
5068906
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906
5066874
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23624
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068906
5068906
https://support.microsoft.com/help/5068906
9312
10287
9318
9344
5068909
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23624
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068909
5068909
https://support.microsoft.com/help/5068909
9312
10287
9318
9344
5068904
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904
5066872
10051
10049
Yes
Monthly Rollup
6.1.7601.28021
https://support.microsoft.com/help/5068904
10051
10049
5068904
5068908
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908
10051
10049
Yes
Security Only
6.1.7601.28021
https://support.microsoft.com/help/5068908
10051
10049
5068908
5068907
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907
5066875
10378
10379
Yes
Monthly Rollup
6.2.9200.25768
https://support.microsoft.com/help/5068907
10378
10379
5068907
5068905
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905
5066873
10483
10543
Yes
Monthly Rollup
6.3.9600.22869
https://support.microsoft.com/help/5068905
10483
10543
5068905
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>A remote (AV:N) attacker could create a specially crafted GitHub issue within a user's repository. To exploit this, the user must enable a particular mode on the attacker’s crafted issue, which would execute the issue’s description and enable remote code execution by the attacker.</p>
Visual Studio Code CoPilot Chat Extension
Microsoft
Yes
CVE-2025-62222
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Improper Input Validation
16782
Remote Code Execution
16782
Important
16782
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16782
Release Notes
https://code.visualstudio.com/Download
16782
Maybe
Security Update
0.32.5
https://github.com/microsoft/vscode/
16782
Release Notes
Anonymous
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
<p>Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).</p>
Visual Studio Code CoPilot Chat Extension
Microsoft
Yes
CVE-2025-62449
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
16782
Security Feature Bypass
16782
Important
16782
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.8
5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
16782
Release Notes
https://code.visualstudio.com/Download
16782
Maybe
Security Update
0.32.5
https://github.com/microsoft/vscode/
16782
Release Notes
<a href="https://twitter.com/philiptsukerman">Philip Tsukerman</a> with <a href="https://cyberark.com/">Cyberark</a>
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Windows Administrator Protection Elevation of Privilege Vulnerability
<p>Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>With successful exploitation of this vulnerability, an attacker could gain elevated privileges equivalent to a system managed administrator, allowing them to execute arbitrary code with high integrity and bypass administrator protections.</p>
Windows Administrator Protection
Microsoft
Yes
CVE-2025-60721
Privilege Context Switching Error
20438
20437
12389
12390
Elevation of Privilege
20438
Elevation of Privilege
20437
Elevation of Privilege
12389
Elevation of Privilege
12390
Important
20438
Important
20437
Important
12389
Important
12390
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
20438
7.8
6.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
20437
7.8
6.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
12389
7.8
6.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
12390
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
20438
20437
Yes
Security Update
10.0.26200.7171
https://support.microsoft.com/help/5068861
20438
20437
5068861
5068861
https://support.microsoft.com/help/5068861
20438
20437
12389
12390
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
20438
20437
Yes
Security Hotpatch Update
10.0.26200.7092
https://support.microsoft.com/help/5068966
20438
20437
5068966
5068966
https://support.microsoft.com/help/5068966
20438
20437
12389
12390
5068861
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861
5066835
12389
12390
Yes
Security Update
10.0.26100.7171
https://support.microsoft.com/help/5068861
12389
12390
5068861
5068966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966
12389
12390
Yes
Security Hotpatch Update
10.0.26100.7092
https://support.microsoft.com/help/5068966
12389
12390
5068966
James Forshaw with Google Project Zero
James Forshaw with Google Project Zero
1.0
2025-11-11T00:00:00
<p>Information published.</p>
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
<p>Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p>
<p>The attack itself is carried out locally by a user with authentication to the targeted repo. An authenticated attacker could place a malicious file in the targeted repo and then wait for the user to prompt Copilot to review the file.</p>
GitHub Copilot and Visual Studio Code
Microsoft
Yes
CVE-2025-62453
Improper Validation of Generative AI Output
Protection Mechanism Failure
11622
Security Feature Bypass
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.0
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/download
11622
Maybe
Security Update
1.105.0
https://code.visualstudio.com/updates/v1_105
11622
Release Notes
Name: Lam Jun Rong
Company name: NUS Greyhats
URL: https://jro.sg
1.0
2025-11-11T00:00:00
<p>Information published.</p>
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
<p>Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this remote code execution vulnerability?</strong></p>
<p>An authenticated attacker could place a malicious file in the targeted repo. The user would then have to trust the file on Visual Studio Code and ask for assistance from GitHub Copilot.</p>
GitHub Copilot and Visual Studio Code
Microsoft
Yes
CVE-2025-64660
Improper Access Control
11622
Remote Code Execution
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/download
11622
Maybe
Security Update
1.106.2
https://code.visualstudio.com/updates/v1_106
11622
Release Notes
<a href="https://x.com/ari_maccarita">Ari Marzuk</a> with https://maccarita.com/
<a href="https://www.linkedin.com/in/tarek-nakkouch/">Tarek Nakkouch</a>
<a href="https://linkedin.com/in/ameen-basha-37a8b710a">AmeenBasha M K</a>
1.0
2025-11-20T00:00:00
<p>Information published.</p>
1.1
2025-11-25T00:00:00
<p>The following revisions have been made: 1) In the Security Updates table, corrected the impact entries to Remote Code Execution. 2) The CVSS scores have been updated. These are informational changes only. Customers who have successfully installed the update do not need to take any further action.</p>
Microsoft Defender Portal Spoofing Vulnerability
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Defender Portal
Microsoft
No
CVE-2025-62459
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
20612
Spoofing
20612
Critical
20612
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.3
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
20612
<a href="https://x.com/serverinspector">serverinspector</a>
1.0
2025-11-20T00:00:00
<p>Information published.</p>
Nuance PowerScribe 360 Information Disclosure Vulnerability
<p>Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>An unauthorized attacker must wait for a user to initiate a connection.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could exploit this vulnerability by making an API call to a specific endpoint. The attacker could then use the data to gain access to sensitive information on the server.</p>
<p><strong>Why is a login required to view the Release Notes for the products listed in the Security Updates table?</strong></p>
<p>Only Nuance customers have access to the release notes via their customer account.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow an attacker to view highly sensitive user information and modify data, but they cannot affect the availability of the service.</p>
<p><strong>How do I get the update for my version of PowerScribe?</strong></p>
<p>Customers using any of the affected versions of PowerScribe listed in the Security Updates table can contact your Customer Success Manager (CSM) or Technical Support at (800) 833-7776 to request an update.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is PowerScribe configuration settings.</p>
Nuance PowerScribe
Microsoft
Yes
CVE-2025-30398
Missing Authorization
20638
20641
20642
20639
20640
20645
20644
20643
20634
20635
20636
20637
20647
20646
20648
20650
20649
20651
20652
20653
Information Disclosure
20638
Information Disclosure
20641
Information Disclosure
20642
Information Disclosure
20639
Information Disclosure
20640
Information Disclosure
20645
Information Disclosure
20644
Information Disclosure
20643
Information Disclosure
20634
Information Disclosure
20635
Information Disclosure
20636
Information Disclosure
20637
Information Disclosure
20647
Information Disclosure
20646
Information Disclosure
20648
Information Disclosure
20650
Information Disclosure
20649
Information Disclosure
20651
Information Disclosure
20652
Information Disclosure
20653
Critical
20638
Critical
20641
Critical
20642
Critical
20639
Critical
20640
Critical
20645
Critical
20644
Critical
20643
Critical
20634
Critical
20635
Critical
20636
Critical
20637
Critical
20647
Critical
20646
Critical
20648
Critical
20650
Critical
20649
Critical
20651
Critical
20652
Critical
20653
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20638
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20641
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20642
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20639
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20640
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20645
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20644
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20643
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20634
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20635
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20636
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20637
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20647
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20646
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20648
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20650
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20649
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20651
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20652
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
20653
Release Notes
20638
Maybe
Security Update
7.0.243.17
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20638
Release Notes
Release Notes
20641
Maybe
Security Update
7.0.427.13
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20641
Release Notes
Release Notes
20642
Maybe
Security Update
7.0.528.18
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20642
Release Notes
Release Notes
20639
Maybe
Security Update
7.0.277.26
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20639
Release Notes
Release Notes
20640
No
Security Update
7.0.316.9
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20640
Release Notes
Release Notes
20645
Maybe
Security Update
2019.3.16.20
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20645
Release Notes
Release Notes
20644
Maybe
Security Update
2019.2.9.8
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20644
Release Notes
Release Notes
20643
Maybe
Security Update
2019.1.96.5
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20643
Release Notes
Release Notes
20634
Maybe
Security Update
7.0.111.66
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20634
Release Notes
Release Notes
20635
Maybe
Security Update
7.0.154.16
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20635
Release Notes
Release Notes
20636
Maybe
Security Update
7.0.197.8
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20636
Release Notes
Release Notes
20637
Maybe
Security Update
7.0.212.9
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x
20637
Release Notes
Release Notes
20647
Maybe
Security Update
2019.5.14.39
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20647
Release Notes
Release Notes
20646
Maybe
Security Update
2019.4.9.16
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20646
Release Notes
Release Notes
20648
Maybe
Security Update
2019.6.36.39
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20648
Release Notes
Release Notes
20650
Maybe
Security Update
2019.8.43.15
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20650
Release Notes
Release Notes
20649
Maybe
Security Update
2019.7.107.21
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20649
Release Notes
Release Notes
20651
Maybe
Security Update
2019.9.31.19
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20651
Release Notes
Release Notes
20652
Maybe
Security Update
2019.10.36.4
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes
20652
Release Notes
Release Notes
20653
Maybe
Security Update
2023.2.3027.0
https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-Release-Notes
20653
Release Notes
Brandon Kraycirik
1.0
2025-11-11T00:00:00
<p>Information published.</p>
Azure Application Gateway Elevation of Privilege Vulnerability
<p>Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Application Gateway
Microsoft
No
CVE-2025-64657
Out-of-bounds Write
11852
Elevation of Privilege
11852
Critical
11852
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11852
Stav Nir with Microsoft
1.0
2025-11-20T00:00:00
<p>Information published.</p>
Host Process for Windows Tasks Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Host Process for Windows Tasks
Microsoft
Yes
CVE-2025-60710
Improper Link Resolution Before File Access ('Link Following')
12437
20437
20438
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5072033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033
5068861
12437
12389
12390
12436
Yes
Security Update
10.0.26100.7462
https://support.microsoft.com/help/5072033
12437
12389
12390
12436
5072033
5072033
https://support.microsoft.com/help/5072033
12437
20437
20438
12389
12390
12436
5072014
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014
5068966
12437
12389
12390
12436
Yes
Security Hotpatch Update
10.0.26100.7392
https://support.microsoft.com/help/5072014
12437
12389
12390
12436
5072014
5072014
https://support.microsoft.com/help/5072014
12437
20437
20438
12389
12390
12436
5072033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033
5068861
20437
20438
Yes
Security Update
10.0.26200.7462
https://support.microsoft.com/help/5072033
20437
20438
5072033
5072014
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014
5068966
20437
20438
Yes
Security Hotpatch Update
10.0.26200.7392
https://support.microsoft.com/help/5072014
20437
20438
5072014
<p>The following workaround might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible:</p>
<p>Customers running Windows Server 2025 who have Desktop Experience installed are affected by this vulnerability. To protect yourself you can disable the following task in Task Scheduler:</p>
<p>\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration</p>
<p>You should reenable the task once you have installed the fix.</p>
<p><strong>Important</strong>: Do NOT undo the workaround until after you have installed the update.</p>
@2st___ of Diffract
Thanatos Tian of Diffract
R4nger with Kunlun Lab
Zhiniang Peng with HUST
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
<a href="https://x.com/m4x_1997">Aobo Wang</a>
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
Joel Land of CISA Vulnerability Response and Coordination
1.0
2025-11-11T08:00:00
<p>Information published.</p>
2.0
2025-12-09T08:00:00
<p>The following updates have been made:</p>
<ol>
<li>To comprehensively address CVE-2025-60710, Microsoft has released December 2025 security updates for all supported editions of Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows Server 2025. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</li>
<li>Added a Workaround for customers running Windows Server 2025, in the event they cannot immediately install the update.</li>
</ol>
2.1
2025-12-11T08:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
2.2
2026-01-02T08:00:00
<p>Added an acknowledgement. This is an informational change only.</p>