October 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Oct 2025-Oct Final 1.0 544 2026-05-17T14:42:20 October 2025 Security Updates 2025-10-14T07:00:00 2026-05-17T14:42:20 <h2 id="this-release-consists-of-the-following-180-microsoft-cves">This release consists of the following 180 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Agere Windows Modem Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24052">CVE-2025-24052</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Agere Windows Modem Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990">CVE-2025-24990</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PowerShell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25004">CVE-2025-25004</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Failover Cluster</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47979">CVE-2025-47979</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Connected Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47989">CVE-2025-47989</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48004">CVE-2025-48004</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Virtual Secure Mode</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48813">CVE-2025-48813</a></td> <td>6.3</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49708">CVE-2025-49708</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50152">CVE-2025-50152</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Device Association Broker service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50174">CVE-2025-50174</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50175">CVE-2025-50175</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hello</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53139">CVE-2025-53139</a></td> <td>7.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53150">CVE-2025-53150</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtualization-Based Security (VBS) Enclave</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53717">CVE-2025-53717</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Xbox</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53768">CVE-2025-53768</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53782">CVE-2025-53782</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55240">CVE-2025-55240</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55247">CVE-2025-55247</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET, .NET Framework, Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55248">CVE-2025-55248</a></td> <td>4.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET Core</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55315">CVE-2025-55315</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Configuration Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55320">CVE-2025-55320</a></td> <td>6.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55321">CVE-2025-55321</a></td> <td>9.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage Management Provider</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55325">CVE-2025-55325</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Connected Devices Platform Service (Cdpsvc)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55326">CVE-2025-55326</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55328">CVE-2025-55328</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55330">CVE-2025-55330</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55331">CVE-2025-55331</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55332">CVE-2025-55332</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55333">CVE-2025-55333</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55334">CVE-2025-55334</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55335">CVE-2025-55335</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55336">CVE-2025-55336</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55337">CVE-2025-55337</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55338">CVE-2025-55338</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NDIS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55339">CVE-2025-55339</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55340">CVE-2025-55340</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Video Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55676">CVE-2025-55676</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Device Association Broker service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55677">CVE-2025-55677</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55678">CVE-2025-55678</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55679">CVE-2025-55679</a></td> <td>5.1</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55680">CVE-2025-55680</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55681">CVE-2025-55681</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55682">CVE-2025-55682</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55683">CVE-2025-55683</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55684">CVE-2025-55684</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55685">CVE-2025-55685</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55686">CVE-2025-55686</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55687">CVE-2025-55687</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55688">CVE-2025-55688</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55689">CVE-2025-55689</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55690">CVE-2025-55690</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55691">CVE-2025-55691</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Error Reporting</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55692">CVE-2025-55692</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55693">CVE-2025-55693</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Error Reporting</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55694">CVE-2025-55694</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows WLAN Auto Config Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55695">CVE-2025-55695</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>NtQueryInformation Token function (ntifs.h)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55696">CVE-2025-55696</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Local</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55697">CVE-2025-55697</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55698">CVE-2025-55698</a></td> <td>7.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55699">CVE-2025-55699</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55700">CVE-2025-55700</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55701">CVE-2025-55701</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58714">CVE-2025-58714</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Speech</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58715">CVE-2025-58715</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Speech</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58716">CVE-2025-58716</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58717">CVE-2025-58717</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58718">CVE-2025-58718</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Connected Devices Platform Service (Cdpsvc)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58719">CVE-2025-58719</a></td> <td>4.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58720">CVE-2025-58720</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58722">CVE-2025-58722</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Connected Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58724">CVE-2025-58724</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows COM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58725">CVE-2025-58725</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SMB Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58726">CVE-2025-58726</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58727">CVE-2025-58727</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58728">CVE-2025-58728</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Session Manager (LSM)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58729">CVE-2025-58729</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58730">CVE-2025-58730</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58731">CVE-2025-58731</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58732">CVE-2025-58732</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58733">CVE-2025-58733</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58734">CVE-2025-58734</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58735">CVE-2025-58735</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58736">CVE-2025-58736</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58737">CVE-2025-58737</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58738">CVE-2025-58738</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows File Explorer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-58739">CVE-2025-58739</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows High Availability Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59184">CVE-2025-59184</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Core Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59185">CVE-2025-59185</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59186">CVE-2025-59186</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59187">CVE-2025-59187</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Failover Cluster</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59188">CVE-2025-59188</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59189">CVE-2025-59189</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59190">CVE-2025-59190</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Connected Devices Platform Service (Cdpsvc)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59191">CVE-2025-59191</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Storport.sys Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59192">CVE-2025-59192</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Management Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59193">CVE-2025-59193</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59194">CVE-2025-59194</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59195">CVE-2025-59195</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SSDP Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59196">CVE-2025-59196</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ETL Channel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59197">CVE-2025-59197</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59198">CVE-2025-59198</a></td> <td>5.0</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Software Protection Platform (SPP)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59199">CVE-2025-59199</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Data Sharing Service Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59200">CVE-2025-59200</a></td> <td>7.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Network Connection Status Indicator (NCSI)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59201">CVE-2025-59201</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59202">CVE-2025-59202</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows StateRepository API</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59203">CVE-2025-59203</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Management Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59204">CVE-2025-59204</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59205">CVE-2025-59205</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS) Deduplication Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59206">CVE-2025-59206</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59207">CVE-2025-59207</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59208">CVE-2025-59208</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notification Core</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59209">CVE-2025-59209</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS) Deduplication Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59210">CVE-2025-59210</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notification Core</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59211">CVE-2025-59211</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Configuration Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59213">CVE-2025-59213</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows File Explorer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59214">CVE-2025-59214</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Entra ID</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59218">CVE-2025-59218</a></td> <td>9.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59221">CVE-2025-59221</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59222">CVE-2025-59222</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59223">CVE-2025-59223</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59224">CVE-2025-59224</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59225">CVE-2025-59225</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59226">CVE-2025-59226</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59227">CVE-2025-59227</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59228">CVE-2025-59228</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59229">CVE-2025-59229</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Access Connection Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230">CVE-2025-59230</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59231">CVE-2025-59231</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59232">CVE-2025-59232</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59233">CVE-2025-59233</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59234">CVE-2025-59234</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59235">CVE-2025-59235</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59236">CVE-2025-59236</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59237">CVE-2025-59237</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office PowerPoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59238">CVE-2025-59238</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Health and Optimized Experiences Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59241">CVE-2025-59241</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59242">CVE-2025-59242</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59243">CVE-2025-59243</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Core Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59244">CVE-2025-59244</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Entra ID</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59246">CVE-2025-59246</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure PlayFab</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59247">CVE-2025-59247</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59248">CVE-2025-59248</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59249">CVE-2025-59249</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>JDBC Driver for SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59250">CVE-2025-59250</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59252">CVE-2025-59252</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59253">CVE-2025-59253</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59254">CVE-2025-59254</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59255">CVE-2025-59255</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Session Manager (LSM)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59257">CVE-2025-59257</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Active Directory Federation Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59258">CVE-2025-59258</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Session Manager (LSM)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59259">CVE-2025-59259</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Failover Cluster Virtual Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59260">CVE-2025-59260</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59261">CVE-2025-59261</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Redis Enterprise</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59271">CVE-2025-59271</a></td> <td>8.7</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59272">CVE-2025-59272</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Event Grid</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59273">CVE-2025-59273</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59275">CVE-2025-59275</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59277">CVE-2025-59277</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59278">CVE-2025-59278</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SMB Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59280">CVE-2025-59280</a></td> <td>3.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>XBox Gaming Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59281">CVE-2025-59281</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Inbox COM Objects</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59282">CVE-2025-59282</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59284">CVE-2025-59284</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Monitor Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59285">CVE-2025-59285</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59286">CVE-2025-59286</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Server Update Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287">CVE-2025-59287</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td><strong>Yes</strong></td> <td><strong>Yes</strong></td> </tr> <tr> <td>GitHub</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59288">CVE-2025-59288</a></td> <td>5.3</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59289">CVE-2025-59289</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59290">CVE-2025-59290</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Confidential Azure Container Instances</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59291">CVE-2025-59291</a></td> <td>8.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Confidential Azure Container Instances</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59292">CVE-2025-59292</a></td> <td>8.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Taskbar Live</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59294">CVE-2025-59294</a></td> <td>2.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Internet Explorer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59295">CVE-2025-59295</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Monitor Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59494">CVE-2025-59494</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Defender for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59497">CVE-2025-59497</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Notification Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59500">CVE-2025-59500</a></td> <td>7.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Configuration Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59501">CVE-2025-59501</a></td> <td>4.8</td> <td>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59502">CVE-2025-59502</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Compute Gallery</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59503">CVE-2025-59503</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60711">CVE-2025-60711</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-41-non-microsoft-cves">We are republishing 41 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>MITRE</td> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-9535">CVE-2016-9535</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>AMD</td> <td>AMD Restricted Memory Page</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0033">CVE-2025-0033</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11205">CVE-2025-11205</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11206">CVE-2025-11206</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11207">CVE-2025-11207</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11208">CVE-2025-11208</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11209">CVE-2025-11209</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11210">CVE-2025-11210</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11211">CVE-2025-11211</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11212">CVE-2025-11212</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11213">CVE-2025-11213</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11215">CVE-2025-11215</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11216">CVE-2025-11216</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11219">CVE-2025-11219</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11458">CVE-2025-11458</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11460">CVE-2025-11460</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-11756">CVE-2025-11756</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12036">CVE-2025-12036</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12428">CVE-2025-12428</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12429">CVE-2025-12429</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12430">CVE-2025-12430</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12431">CVE-2025-12431</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12432">CVE-2025-12432</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12433">CVE-2025-12433</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12434">CVE-2025-12434</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12435">CVE-2025-12435</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12436">CVE-2025-12436</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12437">CVE-2025-12437</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12438">CVE-2025-12438</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12439">CVE-2025-12439</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12440">CVE-2025-12440</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12441">CVE-2025-12441</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12443">CVE-2025-12443</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12444">CVE-2025-12444</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12445">CVE-2025-12445</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12446">CVE-2025-12446</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12447">CVE-2025-12447</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>CERT/CC</td> <td>TCG TPM2.0</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-2884">CVE-2025-2884</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827">CVE-2025-47827</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54132">CVE-2025-54132</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Microsoft Windows Codecs Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54957">CVE-2025-54957</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>MITRE</td> <td>Games</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59489">CVE-2025-59489</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>October 31, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td> </tr> <tr> <td>October 28, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td> </tr> <tr> <td>October 22, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td> </tr> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5066835">5066835</a></td> <td>Windows 11, version 24H2, Windows 11, version 25H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5066874">5066874</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5066877">5066877</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Arc Enabled Servers - Azure Connected Machine Agent Azure Confidential Compute VM SKU ECasv5/ECadsv5 Azure Confidential Compute VM SKU DCasv5/DCadsv5 Azure Confidential Compute VM SKU DCasv6/DCadsv6 Azure Confidential Compute VM SKU ECasv6/ECadsv6 Azure Confidential Compute GPU SKU NCC40ads_H100_v5 Azure Compute Gallery Azure Monitor Agent Microsoft Entra ID Azure PlayFab Azure Cache for Redis Enterprise Azure Managed Redis Azure Monitor Azure Event Grid System Azure Compute Resource Provider Azure Notification Service Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for x64-based Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 1607 for 32-bit Systems Windows App Client for Windows Desktop Remote Desktop client for Windows Desktop Windows 11 version 26H1 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2016 Cumulative Update 23 Windows 10 Version 22H2 for x64-based Systems Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Exchange Server Subscription Edition RTM .NET 8.0 installed on Linux .NET 9.0 installed on Linux ASP.NET Core 8.0 ASP.NET Core 9.0 ASP.NET Core 2.3 Microsoft Visual Studio 2022 version 17.12 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.14 PowerShell 7.4 PowerShell 7.5 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) .NET 8.0 installed on Mac OS .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows .NET 8.0 installed on Windows Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for x64-based Systems Microsoft Configuration Manager 2503 Microsoft Configuration Manager 2403 Microsoft Configuration Manager 2409 Microsoft Defender for Endpoint for Linux Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC for Mac 2024 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office for Android Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft JDBC Driver 12.4 for SQL Server Microsoft JDBC Driver 12.2 for SQL Server Microsoft JDBC Driver 12.8 for SQL Server Microsoft JDBC Driver 10.2 for SQL Server Microsoft JDBC Driver 11.2 for SQL Server Microsoft JDBC Driver 12.6 for SQL Server Microsoft JDBC Driver 13.2 for SQL Server Microsoft JDBC Driver 12.10 for SQL Server Xbox Gaming Services Avowed Artbook DOOM: Dark Ages Companion App Fallout Shelter Ghostwide Tokyo Prelude Knights and Bikes Pillars of Eternity II: Deadfire Pillars of Eternity II: Deadfire - Ultimate Edition Pillars of Eternity: Definitive Edition Pillars of Eternity: Hero Edition Starfield Companion App The Bard's Tale Trilogy The Elder Scrolls IV: Oblivion Remastered Companion App The Elder Scrolls: Blades The Elder Scrolls: Castles Warcraft Rumble Wasteland 3 Wasteland Remastered DOOM (2019) DOOM II (2019) Forza Customs Gears POP! Halo Recruit Mighty Doom The Elder Scrolls: Legends Zoo Tycoon Friends Microsoft Mesh for Meta Quest Grounded 2 Artbook Hearthstone Pillars of Eternity Microsoft Mesh PC Applications Microsoft 365 Word Copilot Microsoft 365 Copilot's Business Chat Microsoft Edge (Chromium-based) microsoft/playwright azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 qtsvg 6.6.1-2 on Azure Linux 3.0 azl3 openssh 9.8p1-5 on Azure Linux 3.0 cbl2 openssh 8.9p1-8 on CBL Mariner 2.0 cbl2 openssh 8.9p1-9 on CBL Mariner 2.0 cbl2 redis 6.2.18-3 on CBL Mariner 2.0 cbl2 redis 6.2.20-1 on CBL Mariner 2.0 cbl2 binutils 2.37-17 on CBL Mariner 2.0 azl3 binutils 2.41-9 on Azure Linux 3.0 azl3 binutils 2.41-10 on Azure Linux 3.0 cbl2 binutils 2.37-16 on CBL Mariner 2.0 cbl2 gdb 11.2-6 on CBL Mariner 2.0 cbl2 gdb 11.2-7 on CBL Mariner 2.0 cbl2 binutils 2.37-19 on CBL Mariner 2.0 cbl2 gdb 11.2-10 on CBL Mariner 2.0 azl3 rubygem-elasticsearch 8.9.0-1 on Azure Linux 3.0 cbl2 rubygem-elasticsearch 8.3.0-1 on CBL Mariner 2.0 azl3 mysql 8.0.43-1 on Azure Linux 3.0 azl3 qemu 8.2.0-19 on Azure Linux 3.0 azl3 qemu 8.2.0-21 on Azure Linux 3.0 azl3 qemu 8.2.0-23 on Azure Linux 3.0 cbl2 qemu 6.2.0-25 on CBL Mariner 2.0 azl3 python3 3.12.9-5 on Azure Linux 3.0 cbl2 python3 3.9.19-16 on CBL Mariner 2.0 azl3 python3 3.12.9-4 on Azure Linux 3.0 cbl2 python3 3.9.19-15 on CBL Mariner 2.0 azl3 ceph 18.2.2-11 on Azure Linux 3.0 cbl2 crash 8.0.1-4 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-1 on Azure Linux 3.0 azl3 squid 6.13-1 on Azure Linux 3.0 azl3 squid 6.13-3 on Azure Linux 3.0 cbl2 javapackages-bootstrap 1.5.0-7 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 azl3 coredns 1.11.4-10 on Azure Linux 3.0 cbl2 coredns 1.11.1-22 on CBL Mariner 2.0 cbl2 golang 1.18.8-10 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 azl3 golang 1.23.12-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 msft-golang 1.24.8-1 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 golang 1.25.3-1 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 cbl2 msft-golang 1.24.9-1 on CBL Mariner 2.0 cbl2 qt5-qtsvg 5.12.11-6 on CBL Mariner 2.0 azl3 openssh 9.8p1-4 on Azure Linux 3.0 azl3 valkey 8.0.4-1 on Azure Linux 3.0 cbl2 ceph 16.2.10-9 on CBL Mariner 2.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 azl3 binutils 2.41-7 on Azure Linux 3.0 cbl2 mysql 8.0.43-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 python3 3.9.19-14 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 crash 8.0.4-4 on Azure Linux 3.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Remote Desktop client for Windows Desktop Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Azure Monitor Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Defender for Endpoint for Linux Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Office for Android Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) ASP.NET Core 8.0 PowerShell 7.4 Microsoft Exchange Server 2019 Cumulative Update 14 Azure Compute Gallery Xbox Gaming Services Microsoft Visual Studio 2022 version 17.10 Azure Monitor Agent Microsoft Entra ID Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Microsoft Configuration Manager 2403 .NET 8.0 installed on Windows .NET 8.0 installed on Linux .NET 8.0 installed on Mac OS Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions .NET 9.0 installed on Linux .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Windows App Client for Windows Desktop Microsoft Visual Studio 2022 version 17.12 Microsoft Exchange Server 2019 Cumulative Update 15 ASP.NET Core 9.0 Microsoft Visual Studio 2022 version 17.14 PowerShell 7.5 Microsoft Configuration Manager 2503 Microsoft 365 Copilot's Business Chat Microsoft Exchange Server Subscription Edition RTM cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 libxslt 1.1.43-1 on Azure Linux 3.0 azl3 unbound 1.19.1-4 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 azl3 crash 8.0.4-4 on Azure Linux 3.0 cbl2 qt5-qtsvg 5.12.11-6 on CBL Mariner 2.0 azl3 openssh 9.8p1-4 on Azure Linux 3.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 cbl2 python3 3.9.19-14 on CBL Mariner 2.0 cbl2 ceph 16.2.10-9 on CBL Mariner 2.0 cbl2 mysql 8.0.43-1 on CBL Mariner 2.0 azl3 frr 9.1.1-3 on Azure Linux 3.0 azl3 valkey 8.0.4-1 on Azure Linux 3.0 azl3 gh 2.62.0-9 on Azure Linux 3.0 azl3 xorg-x11-server-Xwayland 24.1.6-2 on Azure Linux 3.0 azl3 binutils 2.41-7 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 moby-engine 25.0.3-13 on Azure Linux 3.0 cbl2 unbound 1.19.1-3 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 cbl2 frr 8.5.5-3 on CBL Mariner 2.0 azl3 python3 3.12.9-4 on Azure Linux 3.0 cbl2 keras 2.11.0-3 on CBL Mariner 2.0 azl3 golang 1.23.12-1 on Azure Linux 3.0 cbl2 crash 8.0.1-4 on CBL Mariner 2.0 azl3 squid 6.13-1 on Azure Linux 3.0 cbl2 rubygem-elasticsearch 8.3.0-1 on CBL Mariner 2.0 azl3 rubygem-elasticsearch 8.9.0-1 on Azure Linux 3.0 cbl2 javapackages-bootstrap 1.5.0-7 on CBL Mariner 2.0 cbl2 libxslt 1.1.34-8 on CBL Mariner 2.0 cbl2 openssh 8.9p1-8 on CBL Mariner 2.0 cbl2 gdb 11.2-6 on CBL Mariner 2.0 azl3 bind 9.20.11-1 on Azure Linux 3.0 cbl2 redis 6.2.18-3 on CBL Mariner 2.0 cbl2 binutils 2.37-16 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 qemu 8.2.0-19 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0 Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems azl3 mysql 8.0.43-1 on Azure Linux 3.0 Azure PlayFab Azure Cache for Redis Enterprise Azure Managed Redis Microsoft 365 Word Copilot Microsoft JDBC Driver 13.2 for SQL Server Microsoft JDBC Driver 12.10 for SQL Server Microsoft JDBC Driver 12.8 for SQL Server Microsoft JDBC Driver 12.6 for SQL Server Microsoft JDBC Driver 12.4 for SQL Server Microsoft JDBC Driver 12.2 for SQL Server Microsoft JDBC Driver 11.2 for SQL Server Microsoft JDBC Driver 10.2 for SQL Server Avowed Artbook DOOM: Dark Ages Companion App Fallout Shelter Ghostwide Tokyo Prelude Grounded 2 Artbook Hearthstone Knights and Bikes Pillars of Eternity Pillars of Eternity II: Deadfire Pillars of Eternity II: Deadfire - Ultimate Edition Pillars of Eternity: Definitive Edition Pillars of Eternity: Hero Edition Starfield Companion App The Bard's Tale Trilogy The Elder Scrolls IV: Oblivion Remastered Companion App The Elder Scrolls: Blades The Elder Scrolls: Castles Warcraft Rumble Wasteland 3 Wasteland Remastered DOOM (2019) DOOM II (2019) Forza Customs Gears POP! Halo Recruit Mighty Doom The Elder Scrolls: Legends Zoo Tycoon Friends Azure Event Grid System Microsoft Mesh PC Applications azl3 qtsvg 6.6.1-2 on Azure Linux 3.0 Microsoft Mesh for Meta Quest microsoft/playwright Arc Enabled Servers - Azure Connected Machine Agent ASP.NET Core 2.3 cbl2 golang 1.18.8-10 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-16 on CBL Mariner 2.0 cbl2 msft-golang 1.24.8-1 on CBL Mariner 2.0 cbl2 gdb 11.2-7 on CBL Mariner 2.0 cbl2 binutils 2.37-17 on CBL Mariner 2.0 cbl2 redis 6.2.20-1 on CBL Mariner 2.0 cbl2 python3 3.9.19-15 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-25 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-12 on CBL Mariner 2.0 Microsoft Configuration Manager 2409 Azure Confidential Compute VM SKU DCasv5/DCadsv5 Azure Confidential Compute VM SKU ECasv5/ECadsv5 Azure Confidential Compute VM SKU DCasv6/DCadsv6 Azure Confidential Compute VM SKU ECasv6/ECadsv6 azl3 kernel 6.6.104.2-1 on Azure Linux 3.0 Azure Confidential Compute GPU SKU NCC40ads_H100_v5 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 python3 3.12.9-5 on Azure Linux 3.0 azl3 keras 3.3.3-4 on Azure Linux 3.0 azl3 qemu 8.2.0-21 on Azure Linux 3.0 azl3 ceph 18.2.2-11 on Azure Linux 3.0 azl3 squid 6.13-3 on Azure Linux 3.0 azl3 crash 8.0.4-5 on Azure Linux 3.0 azl3 binutils 2.41-9 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-16 on Azure Linux 3.0 azl3 skopeo 1.14.4-6 on Azure Linux 3.0 Azure Compute Resource Provider Azure Notification Service azl3 lz4 1.9.4-1 on Azure Linux 3.0 cbl2 bind 9.16.50-2 on CBL Mariner 2.0 azl3 coredns 1.11.4-10 on Azure Linux 3.0 cbl2 coredns 1.11.1-22 on CBL Mariner 2.0 cbl2 lz4 1.9.4-1 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-18 on CBL Mariner 2.0 azl3 golang 1.25.3-1 on Azure Linux 3.0 cbl2 msft-golang 1.24.9-1 on CBL Mariner 2.0 cbl2 gdb 11.2-10 on CBL Mariner 2.0 cbl2 binutils 2.37-19 on CBL Mariner 2.0 cbl2 crash 8.0.1-5 on CBL Mariner 2.0 cbl2 qemu 6.2.0-25 on CBL Mariner 2.0 cbl2 python3 3.9.19-16 on CBL Mariner 2.0 cbl2 openssh 8.9p1-9 on CBL Mariner 2.0 cbl2 lz4 1.9.4-2 on CBL Mariner 2.0 cbl2 mysql 8.0.44-2 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 qemu 8.2.0-23 on Azure Linux 3.0 azl3 binutils 2.41-10 on Azure Linux 3.0 azl3 lz4 1.9.4-2 on Azure Linux 3.0 azl3 mysql 8.0.44-2 on Azure Linux 3.0 azl3 bind 9.20.15-1 on Azure Linux 3.0 azl3 libsoup 3.4.4-10 on Azure Linux 3.0 azl3 keras 3.3.3-5 on Azure Linux 3.0 azl3 openssh 9.8p1-5 on Azure Linux 3.0 cbl2 python3 3.9.19-17 on CBL Mariner 2.0 cbl2 msft-golang 1.24.11-1 on CBL Mariner 2.0 cbl2 libxslt 1.1.34-9 on CBL Mariner 2.0 cbl2 unbound 1.19.1-4 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-26 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-17 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-19 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-13 on CBL Mariner 2.0 azl3 golang 1.25.5-1 on Azure Linux 3.0 azl3 python3 3.12.9-6 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-17 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 libxslt 1.1.43-3 on Azure Linux 3.0 azl3 qemu 8.2.0-25 on Azure Linux 3.0 azl3 unbound 1.19.1-5 on Azure Linux 3.0 azl3 gh 2.62.0-10 on Azure Linux 3.0 azl3 moby-engine 25.0.3-14 on Azure Linux 3.0 azl3 skopeo 1.14.4-7 on Azure Linux 3.0 azl3 rust 1.75.0-22 on Azure Linux 3.0 azl3 wayland 1.22.0-1 on Azure Linux 3.0 cbl2 frr 8.5.5-4 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 frr 9.1.1-4 on Azure Linux 3.0 azl3 rust 1.90.0-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0 Windows 11 version 26H1 for x64-based Systems azl3 keras 3.3.3-6 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 azl3 golang 1.25.6-1 on Azure Linux 3.0 cbl2 msft-golang 1.24.12-1 on CBL Mariner 2.0 cbl2 frr 8.5.5-5 on CBL Mariner 2.0 azl3 frr 9.1.1-5 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 binutils 2.37-20 on CBL Mariner 2.0 cbl2 msft-golang 1.24.13-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 azl3 golang 1.26.0-1 on Azure Linux 3.0 azl3 golang 1.25.7-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 golang 1.25.8-1 on Azure Linux 3.0 cbl2 msft-golang 1.25.8-1 on CBL Mariner 2.0 azl3 binutils 2.41-11 on Azure Linux 3.0 azl3 golang 1.25.9-1 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 keras 3.3.3-7 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 sched: Fix sched_numa_find_nth_cpu() if mask offline <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39895 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:06:30 <p>Information published.</p> drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39934 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:01 <p>Information published.</p> smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39929 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:06 <p>Information published.</p> ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39938 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:11 <p>Information published.</p> ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39942 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:17 <p>Information published.</p> tls: make sure to abort the stream if headers are bogus <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39946 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:22 <p>Information published.</p> ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39943 20412-17084 20412-17084 Critical 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-05T01:02:27 <p>Information published.</p> um: virtio_uml: Fix use-after-free after put_device in probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39951 Use After Free 20412-17084 20412-17084 Moderate 20412-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20412-17084 1.0 2025-10-05T01:02:32 <p>Information published.</p> net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39937 NULL Pointer Dereference 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:37 <p>Information published.</p> smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39932 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 21332-17084 20553-17084 20956-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 21332-17084 20553-17084 20956-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-10-05T01:02:43 <p>Information published.</p> 2.0 2025-12-07T01:37:57 <p>Information published.</p> 4.0 2026-01-20T14:44:01 <p>Information published.</p> 8.0 2026-04-29T14:45:23 <p>Information published.</p> 3.0 2026-01-08T14:49:04 <p>Information published.</p> 5.0 2026-02-19T01:38:36 <p>Information published.</p> 6.0 2026-03-04T14:40:10 <p>Information published.</p> 7.0 2026-03-31T15:18:35 <p>Information published.</p> 9.0 2026-05-06T14:39:42 <p>Information published.</p> 10.0 2026-05-11T01:39:45 <p>Information published.</p> 11.0 2026-05-17T14:40:34 <p>Information published.</p> qed: Don't collect too many protection override GRC elements <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39949 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:48 <p>Information published.</p> cnic: Fix use-after-free bugs in cnic_delete_task <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39945 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:02:58 <p>Information published.</p> smb: client: let recv_done verify data_offset, data_length and remaining_data_length <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39933 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-10-05T01:03:08 <p>Information published.</p> crypto: af_alg - Set merge to zero early in af_alg_sendmsg <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39931 Use of Uninitialized Resource 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:03:19 <p>Information published.</p> net/mlx5e: Harden uplink netdev access against device unbind <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39947 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:03:29 <p>Information published.</p> Uncontrolled recursion in Qt SVG module <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TQtC Yes CVE-2025-10728 Uncontrolled Recursion 20512-17084 19089-17086 20512-17084 19089-17086 Important 20512-17084 Important 19089-17086 1.0 2025-10-07T01:01:25 <p>Information published.</p> ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61985 Improper Neutralization of Null Byte or NUL Character 19453-17084 20632-17084 20199-17086 20608-17086 19453-17084 20632-17084 20199-17086 20608-17086 Low 19453-17084 Low 20632-17084 Moderate 20199-17086 Moderate 20608-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 19453-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20632-17084 4.5 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20199-17086 4.5 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20608-17086 CBL-Mariner Releases 19453-17084 20632-17084 No Security Update 9.8p1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19453-17084 20632-17084 CBL-Mariner Releases CBL-Mariner Releases 20199-17086 20608-17086 No Security Update 8.9p1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20199-17086 20608-17086 CBL-Mariner Releases 1.0 2025-10-08T01:02:00 <p>Information published.</p> ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61984 Improper Handling of Invalid Use of Special Elements 19453-17084 20199-17086 20632-17084 19453-17084 20199-17086 20632-17084 Low 19453-17084 Low 20199-17086 Low 20632-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 19453-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20199-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 20632-17084 CBL-Mariner Releases 19453-17084 20632-17084 No Security Update 9.8p1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19453-17084 20632-17084 CBL-Mariner Releases 1.0 2025-10-08T01:02:05 <p>Information published.</p> tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39955 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-10T01:02:17 <p>Information published.</p> Redis is vulnerable to DoS via specially crafted LUA scripts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-46819 Integer Overflow or Wraparound 19593-17084 20345-17086 19540-17086 19531-17084 20527-17086 19593-17084 20345-17086 19540-17086 19531-17084 20527-17086 Moderate 19593-17084 Moderate 20345-17086 Moderate 19540-17086 Moderate 19531-17084 Moderate 20527-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 19593-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20345-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 19540-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 19531-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20527-17086 CBL-Mariner Releases 19593-17084 No Security Update 8.0.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19593-17084 CBL-Mariner Releases 1.0 2025-10-10T01:37:12 <p>Information published.</p> GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11412 Out-of-bounds Read 20525-17086 20568-17084 20618-17084 20376-17086 20203-17086 19634-17084 20524-17086 20599-17086 20598-17086 20525-17086 20568-17084 20618-17084 20376-17086 20203-17086 19634-17084 20524-17086 20599-17086 20598-17086 Moderate 20525-17086 Moderate 20568-17084 Moderate 20618-17084 Moderate 20376-17086 Moderate 20203-17086 Moderate 19634-17084 Moderate 20524-17086 Moderate 20599-17086 Moderate 20598-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20525-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20568-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20618-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20376-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20203-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19634-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20524-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20599-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20598-17086 CBL-Mariner Releases 20525-17086 No Security Update 2.37-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20525-17086 CBL-Mariner Releases CBL-Mariner Releases 20568-17084 20618-17084 No Security Update 2.41-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20568-17084 20618-17084 CBL-Mariner Releases CBL-Mariner Releases 20524-17086 20598-17086 No Security Update 11.2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20524-17086 20598-17086 CBL-Mariner Releases CBL-Mariner Releases 20599-17086 No Security Update 2.37-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20599-17086 CBL-Mariner Releases 1.0 2025-10-11T01:02:46 <p>Information published.</p> Elasticsearch Insertion of sensitive information in log file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner elastic Yes CVE-2025-37727 Insertion of Sensitive Information into Log File 20188-17084 20182-17086 20188-17084 20182-17086 Moderate 20188-17084 Moderate 20182-17086 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20188-17084 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20182-17086 1.0 2025-10-11T01:03:07 <p>Information published.</p> i40e: add max boundary check for VF filters <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39968 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:01:21 <p>Information published.</p> can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39988 20412-17084 20412-17084 Important 20412-17084 7.3 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 1.0 2025-10-16T01:01:43 <p>Information published.</p> i40e: fix idx validation in config queues msg <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39971 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:01:48 <p>Information published.</p> i40e: fix idx validation in i40e_validate_queue_map <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39972 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:01:53 <p>Information published.</p> octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39978 20412-17084 20412-17084 Critical 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-16T01:01:59 <p>Information published.</p> i40e: fix validation of VF state in get resources <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39969 20553-17084 20412-17084 20553-17084 20412-17084 Moderate 20553-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:02:04 <p>Information published.</p> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39995 20412-17084 20412-17084 Important 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 1.0 2025-10-16T01:02:10 <p>Information published.</p> Bluetooth: MGMT: Fix possible UAFs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39981 20613-17084 20725-17084 20823-17084 20860-17084 21094-17084 21248-17084 21308-17084 21332-17084 20412-17084 20553-17084 20788-17084 20956-17084 21344-17084 20613-17084 20725-17084 20823-17084 20860-17084 21094-17084 21248-17084 21308-17084 21332-17084 20412-17084 20553-17084 20788-17084 20956-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Critical 20412-17084 Critical 20553-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21344-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20823-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20860-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21094-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21248-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21308-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21332-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20788-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20956-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21344-17084 2.0 2025-12-07T01:38:18 <p>Information published.</p> 4.0 2026-01-20T14:44:21 <p>Information published.</p> 5.0 2026-02-18T15:00:22 <p>Information published.</p> 7.0 2026-03-31T14:40:11 <p>Information published.</p> 9.0 2026-05-06T14:40:23 <p>Information published.</p> 1.0 2025-10-16T01:02:27 <p>Information published.</p> 1.1 2025-12-02T01:36:50 <p>Information published.</p> 3.0 2026-01-08T14:49:20 <p>Information published.</p> 6.0 2026-03-04T14:40:23 <p>Information published.</p> 8.0 2026-04-29T14:45:50 <p>Information published.</p> 10.0 2026-05-11T01:40:04 <p>Information published.</p> 11.0 2026-05-17T14:40:54 <p>Information published.</p> scsi: target: target_core_configfs: Add length check to avoid buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39998 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:02:33 <p>Information published.</p> nexthop: Forbid FDB status change while nexthop is in a group <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39980 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:02:38 <p>Information published.</p> media: tuner: xc5000: Fix use-after-free in xc5000_release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39994 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:02:44 <p>Information published.</p> wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40000 20412-17084 20412-17084 Critical 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-16T01:02:49 <p>Information published.</p> can: hi311x: populate ndo_change_mtu() to prevent buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39987 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.3 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 7.3 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:02:55 <p>Information published.</p> futex: Prevent use-after-free during requeue-PI <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39977 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:03:11 <p>Information published.</p> can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39986 20412-17084 20412-17084 Critical 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-16T01:03:16 <p>Information published.</p> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39996 20412-17084 20412-17084 Critical 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-16T01:03:22 <p>Information published.</p> ASoC: qcom: audioreach: fix potential null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40013 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-22T01:01:20 <p>Information published.</p> media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40016 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20412-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-22T01:01:25 <p>Information published.</p> drm/gma500: Fix null dereference in hdmi teardown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40011 20553-17084 20412-17084 20553-17084 20412-17084 Moderate 20553-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-10-22T01:01:36 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53044 Uncontrolled Resource Consumption 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20440-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-17086 CBL-Mariner Releases 20440-17084 19570-17086 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 19570-17086 CBL-Mariner Releases 1.0 2025-10-23T01:06:00 <p>Information published.</p> Possible domain hijacking via promiscuous records in the authority section <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner NLnet Labs Yes CVE-2025-11411 Acceptance of Extraneous Untrusted Data With Trusted Data 17617-17084 19765-17086 20736-17084 20698-17086 17617-17084 19765-17086 20736-17084 20698-17086 Moderate 17617-17084 Moderate 19765-17086 Moderate 20736-17084 Moderate 20698-17086 CBL-Mariner Releases 17617-17084 20736-17084 No Security Update 1.19.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17617-17084 20736-17084 CBL-Mariner Releases CBL-Mariner Releases 19765-17086 20698-17086 No Security Update 1.19.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19765-17086 20698-17086 CBL-Mariner Releases 1.0 2025-10-24T01:01:26 <p>Information published.</p> 2.0 2025-12-06T14:38:14 <p>Information published.</p> 3.0 2025-12-07T01:39:13 <p>Information published.</p> Cache poisoning due to weak PRNG <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2025-40780 Predictable from Observable State 20621-17084 20589-17086 20336-17084 20621-17084 20589-17086 20336-17084 Important 20621-17084 Important 20589-17086 Important 20336-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 20621-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 20589-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 20336-17084 CBL-Mariner Releases 20589-17086 No Security Update 9.16.50-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20589-17086 CBL-Mariner Releases 1.0 2025-10-25T01:01:29 <p>Information published.</p> 2.0 2025-11-25T01:38:24 <p>Information published.</p> ipvs: Defer ip_vs_ftp unregister during netns cleanup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40018 20553-17084 20553-17084 Important 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-25T14:01:29 <p>Information published.</p> astral-tokio-tar Vulnerable to PAX Header Desynchronization <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-62518 Access of Resource Using Incompatible Type (&#39;Type Confusion&#39;) 20824-17084 20421-17084 20824-17084 20421-17084 Important 20824-17084 Important 20421-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 20824-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 20421-17084 1.0 2025-10-25T14:01:53 <p>Information published.</p> 2.0 2026-01-20T14:45:03 <p>Information published.</p> f2fs: fix to do sanity check on node footer for non inode dnode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40025 20553-17084 20553-17084 Moderate 20553-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20553-17084 1.0 2025-10-29T01:02:43 <p>Information published.</p> vhost: vringh: Modify the return value check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40051 20553-17084 20553-17084 Moderate 20553-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:54 <p>Information published.</p> f2fs: fix to avoid overflow while left shift operation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40077 20553-17084 20553-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 1.0 2025-10-29T01:03:32 <p>Information published.</p> smc: Fix use-after-free in __pnet_find_base_ndev(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40064 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20553-17084 20860-17084 21308-17084 21332-17084 21344-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20553-17084 20860-17084 21308-17084 21332-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20553-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20613-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20725-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20788-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20823-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20956-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 21094-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 21248-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20553-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20860-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 21308-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 21332-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 21344-17084 2.0 2025-12-07T01:40:09 <p>Information published.</p> 3.0 2026-01-08T14:50:03 <p>Information published.</p> 4.0 2026-01-20T14:45:23 <p>Information published.</p> 6.0 2026-03-04T14:40:51 <p>Information published.</p> 7.0 2026-03-31T14:50:38 <p>Information published.</p> 8.0 2026-04-29T14:46:47 <p>Information published.</p> 9.0 2026-05-06T14:41:44 <p>Information published.</p> 1.0 2025-10-29T01:03:48 <p>Information published.</p> 5.0 2026-02-19T01:44:17 <p>Information published.</p> 10.0 2026-05-11T01:40:40 <p>Information published.</p> 11.0 2026-05-17T14:41:36 <p>Information published.</p> ksmbd: transport_ipc: validate payload size before reading handle <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40084 20553-17084 20613-17084 20553-17084 20613-17084 Moderate 20553-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:40:52 <p>Information published.</p> 1.0 2025-10-31T01:03:20 <p>Information published.</p> net/sched: sch_qfq: Fix null-deref in agg_dequeue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40083 20613-17084 20553-17084 20613-17084 20553-17084 Moderate 20613-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:41:04 <p>Information published.</p> 1.0 2025-10-31T01:03:26 <p>Information published.</p> Parsing DER payload can cause memory exhaustion in encoding/asn1 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-58185 20519-17086 20387-17086 19712-17086 19693-17084 17667-17084 20597-17086 20707-17084 20863-17084 18447-17086 20523-17086 18315-17084 20074-17084 20596-17084 19668-17086 20687-17086 20867-17086 20519-17086 20387-17086 19712-17086 19693-17084 17667-17084 20597-17086 20707-17084 20863-17084 18447-17086 20523-17086 18315-17084 20074-17084 20596-17084 19668-17086 20687-17086 20867-17086 Moderate 20519-17086 Moderate 20387-17086 Important 19712-17086 Important 19693-17084 Important 17667-17084 Important 20597-17086 Moderate 20707-17084 Moderate 20863-17084 Important 18447-17086 Important 20523-17086 Moderate 18315-17084 Moderate 20074-17084 Important 20596-17084 Important 19668-17086 Important 20687-17086 Important 20867-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20519-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20387-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20597-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20707-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20863-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18447-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20523-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 18315-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20074-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20596-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20687-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20867-17086 1.0 2025-10-31T01:06:07 <p>Information published.</p> 3.0 2025-12-07T01:43:08 <p>Information published.</p> 4.0 2025-12-12T01:37:17 <p>Information published.</p> 2.0 2025-12-06T14:38:59 <p>Information published.</p> 5.0 2025-12-13T01:37:42 <p>Information published.</p> 6.0 2026-02-18T02:14:53 <p>Information published.</p> Panic when validating certificates with DSA public keys in crypto/x509 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-58188 18447-17086 20519-17086 20387-17086 18315-17084 19712-17086 20596-17084 20597-17086 20707-17084 20867-17086 20942-17086 20973-17084 21051-17084 21117-17086 21113-17084 20523-17086 20074-17084 19668-17086 19693-17084 17667-17084 20687-17086 20863-17084 21203-17084 18447-17086 20519-17086 20387-17086 18315-17084 19712-17086 20596-17084 20597-17086 20707-17084 20867-17086 20942-17086 20973-17084 21051-17084 21117-17086 21113-17084 20523-17086 20074-17084 19668-17086 19693-17084 17667-17084 20687-17086 20863-17084 21203-17084 Moderate 18447-17086 Moderate 20519-17086 Moderate 20387-17086 Moderate 18315-17084 Moderate 19712-17086 Moderate 20596-17084 Moderate 20597-17086 Important 20707-17084 Low 20867-17086 Low 20942-17086 Low 20973-17084 Low 21051-17084 Low 21117-17086 Low 21113-17084 Moderate 20523-17086 Moderate 20074-17084 Moderate 19668-17086 Moderate 19693-17084 Moderate 17667-17084 Low 20687-17086 Low 20863-17084 Low 21203-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 18447-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20519-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20387-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 18315-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19712-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20596-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20597-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20707-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20867-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20942-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20973-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21051-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21117-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21113-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20523-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20074-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19668-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19693-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20687-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20863-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21203-17084 1.0 2025-10-31T01:08:48 <p>Information published.</p> 3.0 2025-12-07T01:42:25 <p>Information published.</p> 3.1 2025-12-08T14:35:03 <p>Information published.</p> 6.0 2026-02-18T02:31:53 <p>Information published.</p> 7.0 2026-03-03T14:45:16 <p>Information published.</p> 9.0 2026-03-12T01:36:27 <p>Information published.</p> 10.0 2026-03-31T14:56:10 <p>Information published.</p> 2.0 2025-12-06T14:38:43 <p>Information published.</p> 4.0 2025-12-12T01:37:22 <p>Information published.</p> 5.0 2025-12-13T01:37:47 <p>Information published.</p> 8.0 2026-03-04T14:41:41 <p>Information published.</p> 11.0 2026-04-14T14:39:01 <p>Information published.</p> ixgbevf: fix mailbox API compatibility by negotiating supported features <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40104 20553-17084 20613-17084 20553-17084 20613-17084 Moderate 20553-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-10-31T01:09:36 <p>Information published.</p> 2.0 2025-12-07T01:43:55 <p>Information published.</p> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40088 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-31T01:10:26 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61103 NULL Pointer Dereference 20784-17086 20873-17086 20875-17084 19931-17086 19585-17084 20789-17084 20784-17086 20873-17086 20875-17084 19931-17086 19585-17084 20789-17084 Moderate 20784-17086 Moderate 20873-17086 Moderate 20875-17084 Moderate 19931-17086 Moderate 19585-17084 Moderate 20789-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20784-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20873-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20875-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19931-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19585-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20789-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 4.0 2026-02-18T02:40:00 <p>Information published.</p> 1.0 2025-10-31T01:10:51 <p>Information published.</p> 2.0 2026-01-03T01:37:55 <p>Information published.</p> 3.0 2026-01-08T14:35:21 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61107 NULL Pointer Dereference 19585-17084 20784-17086 20789-17084 20873-17086 20875-17084 19931-17086 19585-17084 20784-17086 20789-17084 20873-17086 20875-17084 19931-17086 Moderate 19585-17084 Moderate 20784-17086 Moderate 20789-17084 Moderate 20873-17086 Moderate 20875-17084 Moderate 19931-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19585-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20784-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20789-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20873-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20875-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19931-17086 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 2.0 2026-01-03T01:38:07 <p>Information published.</p> 4.0 2026-02-18T02:41:48 <p>Information published.</p> 1.0 2025-10-31T01:11:07 <p>Information published.</p> 3.0 2026-01-08T14:50:51 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61102 NULL Pointer Dereference 19931-17086 19585-17084 20784-17086 20873-17086 20789-17084 20875-17084 19931-17086 19585-17084 20784-17086 20873-17086 20789-17084 20875-17084 Moderate 19931-17086 Moderate 19585-17084 Moderate 20784-17086 Moderate 20873-17086 Moderate 20789-17084 Moderate 20875-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19931-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19585-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20784-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20873-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20789-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20875-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 2.0 2026-01-03T01:38:13 <p>Information published.</p> 4.0 2026-02-18T02:42:38 <p>Information published.</p> 1.0 2025-10-31T01:11:15 <p>Information published.</p> 3.0 2026-01-08T14:50:44 <p>Information published.</p> Xorg: xmayland: value overflow in xkbsetcompatmap() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-62231 Integer Overflow or Wraparound 19615-17084 20749-17084 19615-17084 20749-17084 Moderate 19615-17084 Important 20749-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 19615-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 20749-17084 CBL-Mariner Releases 19615-17084 No Security Update 24.1.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19615-17084 CBL-Mariner Releases 1.0 2025-10-31T01:11:26 <p>Information published.</p> 2.0 2025-12-24T01:02:28 <p>Information published.</p> Xorg: xmayland: use-after-free in xpresentnotify structure creation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-62229 Use After Free 19615-17084 20749-17084 19615-17084 20749-17084 Important 19615-17084 Important 20749-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19615-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 20749-17084 CBL-Mariner Releases 19615-17084 No Security Update 24.1.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19615-17084 CBL-Mariner Releases 1.0 2025-10-31T01:11:31 <p>Information published.</p> 2.0 2025-12-24T01:02:23 <p>Information published.</p> Keras keras.utils.get_file Utility Path Traversal Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-12060 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20558-17084 20558-17084 Important 20558-17084 CBL-Mariner Releases 20558-17084 No Security Update 3.3.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20558-17084 CBL-Mariner Releases 1.0 2025-11-01T01:01:19 <p>Information published.</p> comedi: fix divide-by-zero in comedi_buf_munge() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40106 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 1.0 2025-11-01T01:02:23 <p>Information published.</p> FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61100 NULL Pointer Dereference 19931-17086 19585-17084 20784-17086 20789-17084 20873-17086 20875-17084 19931-17086 19585-17084 20784-17086 20789-17084 20873-17086 20875-17084 Important 19931-17086 Important 19585-17084 Important 20784-17086 Important 20789-17084 Important 20873-17086 Important 20875-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19931-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19585-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20784-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20789-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20873-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20875-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 1.0 2025-11-02T02:02:36 <p>Information published.</p> 2.0 2026-01-03T01:38:23 <p>Information published.</p> 3.0 2026-01-08T14:36:12 <p>Information published.</p> 4.0 2026-02-18T02:49:53 <p>Information published.</p> Quadratic complexity in os.path.expandvars() with user-controlled template <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2025-6075 Uncontrolled Resource Consumption 20557-17084 20708-17084 20528-17086 17667-17084 20603-17086 20685-17086 20557-17084 20708-17084 20528-17086 17667-17084 20603-17086 20685-17086 Low 20557-17084 Low 20708-17084 Low 20528-17086 Low 17667-17084 Low 20603-17086 Low 20685-17086 CBL-Mariner Releases 20557-17084 20708-17084 No Security Update 3.12.9-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20557-17084 20708-17084 CBL-Mariner Releases CBL-Mariner Releases 20603-17086 20685-17086 No Security Update 3.9.19-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20603-17086 20685-17086 CBL-Mariner Releases 1.0 2025-11-05T01:02:10 <p>Information published.</p> 4.0 2025-12-07T01:46:03 <p>Information published.</p> 2.0 2025-11-18T01:37:02 <p>Information published.</p> 3.0 2025-12-06T14:39:10 <p>Information published.</p> Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-12464 Stack-based Buffer Overflow 20727-17084 20559-17084 20615-17084 20727-17084 20559-17084 20615-17084 Moderate 20727-17084 Moderate 20559-17084 Moderate 20615-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20727-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20559-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20615-17084 CBL-Mariner Releases 20727-17084 20615-17084 No Security Update 8.2.0-25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20727-17084 20615-17084 CBL-Mariner Releases 1.0 2025-11-05T01:02:16 <p>Information published.</p> 2.0 2025-11-21T01:36:35 <p>Information published.</p> 3.0 2025-12-07T01:46:15 <p>Information published.</p> GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds Mariner VulDB Yes CVE-2025-11494 Out-of-bounds Read 20599-17086 20600-17086 20618-17084 20598-17086 20567-17084 20599-17086 20600-17086 20618-17084 20598-17086 20567-17084 Moderate 20599-17086 Moderate 20600-17086 Moderate 20618-17084 Moderate 20598-17086 Moderate 20567-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20599-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20600-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20618-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20598-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20567-17084 1.0 2025-11-29T01:01:47 <p>Information published.</p> 3.0 2025-12-03T01:39:19 <p>Information published.</p> 2.0 2025-12-01T14:37:50 <p>Information published.</p> Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion Mariner redhat Yes CVE-2025-12105 Use After Free 20625-17084 20625-17084 Important 20625-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20625-17084 CBL-Mariner Releases 20625-17084 No Security Update 3.4.4-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20625-17084 CBL-Mariner Releases 1.0 2025-12-21T01:01:54 <p>Information published.</p> 2.0 2025-12-22T14:35:26 <p>Information published.</p> 3.0 2025-12-24T01:38:08 <p>Information published.</p> mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() Mariner Linux Yes CVE-2022-50464 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-02-18T14:51:48 <p>Information published.</p> 1.0 2026-01-18T01:01:34 <p>Information published.</p> 2.0 2026-01-20T14:46:11 <p>Information published.</p> x86: fix clear_user_rep_good() exception handling annotation Mariner Linux Yes CVE-2023-53642 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2026-02-18T14:46:26 <p>Information published.</p> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Mariner Linux Yes CVE-2025-40082 Out-of-bounds Read 20860-17084 20860-17084 Important 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20860-17084 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 1.0 2026-02-28T01:04:41 <p>Information published.</p> ceph: fix race condition validating r_parent before applying state <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39927 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 20553-17084 17087-17086 20860-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 20553-17084 17087-17086 20860-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20860-17084 Moderate 21308-17084 Moderate 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-10-02T01:06:25 <p>Information published.</p> 2.0 2025-12-07T01:36:39 <p>Information published.</p> 7.0 2026-03-03T15:04:14 <p>Information published.</p> 9.0 2026-03-31T15:16:04 <p>Information published.</p> 11.0 2026-05-06T14:39:14 <p>Information published.</p> 3.0 2025-12-12T01:01:37 <p>Information published.</p> 4.0 2026-01-08T14:48:23 <p>Information published.</p> 5.0 2026-01-20T14:43:31 <p>Information published.</p> 6.0 2026-02-21T03:37:46 <p>Information published.</p> 8.0 2026-03-04T14:39:33 <p>Information published.</p> 10.0 2026-04-29T14:44:16 <p>Information published.</p> 12.0 2026-05-11T01:39:19 <p>Information published.</p> 13.0 2026-05-17T14:40:05 <p>Information published.</p> wifi: mwifiex: Initialize the chan_stats array to zero <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39891 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:06:37 <p>Information published.</p> i40e: remove read access to debugfs files <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39901 Out-of-bounds Read 20412-17084 20613-17084 20725-17084 17087-17086 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21248-17084 21308-17084 20553-17084 20860-17084 21093-17086 21332-17084 21344-17084 20412-17084 20613-17084 20725-17084 17087-17086 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21248-17084 21308-17084 20553-17084 20860-17084 21093-17086 21332-17084 21344-17084 Important 20412-17084 Important 20613-17084 Important 20725-17084 Important 17087-17086 Important 20788-17084 Important 20823-17084 Important 20925-17086 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 21308-17084 Important 20553-17084 Important 20860-17084 Important 21093-17086 Important 21332-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21344-17084 1.0 2025-10-02T01:06:42 <p>Information published.</p> 2.0 2025-12-07T01:36:49 <p>Information published.</p> 5.0 2026-01-08T14:48:31 <p>Information published.</p> 6.0 2026-01-20T14:43:41 <p>Information published.</p> 8.0 2026-03-03T14:42:04 <p>Information published.</p> 10.0 2026-03-31T15:16:28 <p>Information published.</p> 11.0 2026-04-29T14:44:28 <p>Information published.</p> 13.0 2026-05-11T01:39:28 <p>Information published.</p> 3.0 2025-12-14T14:02:40 <p>Information published.</p> 4.0 2025-12-15T14:36:28 <p>Information published.</p> 7.0 2026-02-21T03:40:03 <p>Information published.</p> 9.0 2026-03-04T14:39:41 <p>Information published.</p> 12.0 2026-05-06T14:39:23 <p>Information published.</p> 14.0 2026-05-17T14:40:14 <p>Information published.</p> mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39909 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:06:47 <p>Information published.</p> mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39910 Improper Locking 20412-17084 20412-17084 Critical 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-02T01:06:52 <p>Information published.</p> mm/slub: avoid accessing metadata when pointer is invalid in object_err() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39902 20553-17084 20412-17084 17087-17086 20553-17084 20412-17084 17087-17086 Moderate 20553-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:06:58 <p>Information published.</p> 2.0 2026-01-18T01:04:13 <p>Information published.</p> 3.0 2026-01-19T14:38:42 <p>Information published.</p> 4.0 2026-02-21T03:42:40 <p>Information published.</p> mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39916 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:07:03 <p>Information published.</p> dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39923 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-10-02T01:07:11 <p>Information published.</p> 2.0 2026-01-21T01:04:32 <p>Information published.</p> 3.0 2026-02-24T14:42:37 <p>Information published.</p> can: j1939: implement NETDEV_UNREGISTER notification handler <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39925 20412-17084 17087-17086 20412-17084 17087-17086 Critical 20412-17084 Moderate 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2025-12-16T01:37:16 <p>Information published.</p> 1.0 2025-10-02T01:07:16 <p>Information published.</p> 2.0 2025-12-13T01:01:44 <p>Information published.</p> e1000e: fix heap overflow in e1000_set_eeprom <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39898 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:07:22 <p>Information published.</p> tracing: Silence warning when chunk allocation fails in trace_pid_write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39914 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:07:27 <p>Information published.</p> af_unix: Fix null-ptr-deref in unix_stream_sendpage(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-53469 20412-17084 20412-17084 Important 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 1.0 2025-10-02T01:07:32 <p>Information published.</p> net: phylink: add lock for serializing concurrent pl->phydev writes with resolver <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39905 20412-17084 20613-17084 20725-17084 21094-17084 21093-17086 21332-17084 20553-17084 17087-17086 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21248-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 21094-17084 21093-17086 21332-17084 20553-17084 17087-17086 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21248-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 21094-17084 Important 21093-17086 Moderate 21332-17084 Moderate 20553-17084 Important 17087-17086 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Important 20925-17086 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20412-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20613-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20725-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 21094-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 21332-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20788-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20823-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20956-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 21248-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 21308-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 21344-17084 2.0 2025-12-07T01:36:59 <p>Information published.</p> 5.0 2026-01-08T14:48:40 <p>Information published.</p> 7.0 2026-02-19T01:35:58 <p>Information published.</p> 8.0 2026-03-03T14:42:22 <p>Information published.</p> 9.0 2026-03-04T14:39:48 <p>Information published.</p> 10.0 2026-03-31T15:16:52 <p>Information published.</p> 13.0 2026-05-11T01:39:37 <p>Information published.</p> 1.0 2025-10-02T01:07:39 <p>Information published.</p> 3.0 2025-12-14T14:02:45 <p>Information published.</p> 4.0 2025-12-15T14:36:33 <p>Information published.</p> 6.0 2026-01-20T14:43:51 <p>Information published.</p> 11.0 2026-04-29T14:44:41 <p>Information published.</p> 12.0 2026-05-06T14:39:32 <p>Information published.</p> 14.0 2026-05-17T14:40:24 <p>Information published.</p> i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39911 20553-17084 20412-17084 17087-17086 20553-17084 20412-17084 17087-17086 Low 20553-17084 Low 20412-17084 Important 17087-17086 3.3 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20553-17084 3.3 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-10-02T01:07:45 <p>Information published.</p> 4.0 2026-02-24T14:41:30 <p>Information published.</p> 2.0 2026-01-18T01:04:23 <p>Information published.</p> 3.0 2026-01-19T14:38:47 <p>Information published.</p> pcmcia: Add error handling for add_interval() in do_validate_mem() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39920 NULL Pointer Dereference 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-02T01:07:50 <p>Information published.</p> 3.0 2026-01-20T14:48:07 <p>Information published.</p> 4.0 2026-02-19T01:36:19 <p>Information published.</p> 2.0 2026-01-18T01:04:33 <p>Information published.</p> tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39913 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20412-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20553-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-10-02T01:07:55 <p>Information published.</p> 3.0 2026-01-19T14:38:51 <p>Information published.</p> 4.0 2026-02-24T14:41:37 <p>Information published.</p> 2.0 2026-01-18T01:04:28 <p>Information published.</p> mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39907 20412-17084 17087-17086 20412-17084 17087-17086 Critical 20412-17084 Moderate 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-01-20T14:47:57 <p>Information published.</p> 4.0 2026-02-19T01:36:38 <p>Information published.</p> 1.0 2025-10-02T01:08:00 <p>Information published.</p> 2.0 2026-01-18T01:04:18 <p>Information published.</p> wifi: wilc1000: avoid buffer overflow in WID string configuration <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39952 20412-17084 20412-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-05T01:02:53 <p>Information published.</p> cgroup: split cgroup_destroy_wq into 3 workqueues <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39953 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-05T01:03:03 <p>Information published.</p> dm-stripe: fix a possible integer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39940 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21308-17084 20860-17084 21094-17084 21248-17084 21332-17084 21344-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21308-17084 20860-17084 21094-17084 21248-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 21344-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20412-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20553-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20613-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20725-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20788-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20823-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20956-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 21308-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20860-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 21094-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 21248-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 21332-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 21344-17084 2.0 2025-12-07T01:38:08 <p>Information published.</p> 4.0 2026-01-20T14:44:11 <p>Information published.</p> 5.0 2026-02-19T01:39:05 <p>Information published.</p> 7.0 2026-03-31T15:18:42 <p>Information published.</p> 10.0 2026-05-11T01:39:54 <p>Information published.</p> 1.0 2025-10-05T01:03:14 <p>Information published.</p> 3.0 2026-01-08T14:49:12 <p>Information published.</p> 6.0 2026-03-04T14:40:17 <p>Information published.</p> 8.0 2026-04-29T14:45:37 <p>Information published.</p> 9.0 2026-05-06T14:39:50 <p>Information published.</p> 11.0 2026-05-17T14:40:44 <p>Information published.</p> octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39944 Use After Free 20412-17084 20412-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-10-05T01:03:24 <p>Information published.</p> mm: /proc/pid/smaps_rollup: fix no vma's null-deref <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-50502 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-10-06T01:38:02 <p>Information published.</p> Qemu-kvm: vnc websocket handshake use-after-free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-11234 Use After Free 20413-17084 17093-17086 20559-17084 20615-17084 20602-17086 20413-17084 17093-17086 20559-17084 20615-17084 20602-17086 Moderate 20413-17084 Moderate 17093-17086 Moderate 20559-17084 Moderate 20615-17084 Moderate 20602-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20413-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 17093-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20559-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20615-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20602-17086 CBL-Mariner Releases 17093-17086 20602-17086 No Security Update 6.2.0-25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17093-17086 20602-17086 CBL-Mariner Releases CBL-Mariner Releases 20559-17084 20615-17084 No Security Update 8.2.0-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20559-17084 20615-17084 CBL-Mariner Releases 1.0 2025-10-07T01:01:16 <p>Information published.</p> Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TQtC Yes CVE-2025-10729 Use After Free 20512-17084 19089-17086 20512-17084 19089-17086 Important 20512-17084 Important 19089-17086 9.3 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U 20512-17084 9.3 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U 19089-17086 CBL-Mariner Releases 20512-17084 No Security Update 6.6.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20512-17084 CBL-Mariner Releases CBL-Mariner Releases 19089-17086 No Security Update 5.12.11-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19089-17086 CBL-Mariner Releases 1.0 2025-10-07T01:01:34 <p>Information published.</p> Redis Lua Use-After-Free may lead to remote code execution <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-49844 Use After Free 20345-17086 19593-17084 19540-17086 19531-17084 20345-17086 19593-17084 19540-17086 19531-17084 Critical 20345-17086 Critical 19593-17084 Critical 19540-17086 Critical 19531-17084 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 20345-17086 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19593-17084 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19540-17086 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19531-17084 CBL-Mariner Releases 20345-17086 No Security Update 6.2.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20345-17086 CBL-Mariner Releases 1.0 2025-10-08T01:01:53 <p>Information published.</p> ZIP64 End of Central Directory (EOCD) Locator record offset not checked <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2025-8291 20557-17084 20603-17086 19968-17084 19533-17086 17667-17084 20528-17086 20557-17084 20603-17086 19968-17084 19533-17086 17667-17084 20528-17086 Moderate 20557-17084 Moderate 20603-17086 Moderate 19968-17084 Moderate 19533-17086 Moderate 17667-17084 Moderate 20528-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20557-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20603-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 19968-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 19533-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U 17667-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20528-17086 CBL-Mariner Releases 20557-17084 19968-17084 No Security Update 3.12.9-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20557-17084 19968-17084 CBL-Mariner Releases CBL-Mariner Releases 20603-17086 20528-17086 No Security Update 3.9.19-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20603-17086 20528-17086 CBL-Mariner Releases 1.0 2025-10-10T01:02:05 <p>Information published.</p> iommu/s390: Make attach succeed when the device was surprise removed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39958 20412-17084 20412-17084 Low 20412-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20412-17084 1.0 2025-10-10T01:02:11 <p>Information published.</p> wifi: mac80211: increase scan_ies_len for S1G <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39957 20412-17084 20553-17084 20412-17084 20553-17084 Low 20412-17084 Low 20553-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20412-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-10T01:02:23 <p>Information published.</p> Lua library commands may lead to integer overflow and potential RCE <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-46817 Integer Overflow or Wraparound 19593-17084 20345-17086 20527-17086 19540-17086 20564-17084 19593-17084 20345-17086 20527-17086 19540-17086 20564-17084 Important 19593-17084 Important 20345-17086 Important 20527-17086 Important 19540-17086 Important 20564-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19593-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20345-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20527-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19540-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20564-17084 CBL-Mariner Releases 19593-17084 No Security Update 8.0.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19593-17084 CBL-Mariner Releases 1.0 2025-10-10T01:36:56 <p>Information published.</p> Redis: Authenticated users can execute LUA scripts as a different user <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-46818 Improper Control of Generation of Code (&#39;Code Injection&#39;) 19593-17084 20527-17086 19593-17084 20527-17086 Moderate 19593-17084 Moderate 20527-17086 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N 19593-17084 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N 20527-17086 CBL-Mariner Releases 19593-17084 No Security Update 8.0.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19593-17084 CBL-Mariner Releases 2.0 2025-12-11T01:38:13 <p>Information published.</p> 1.0 2025-10-10T01:37:03 <p>Information published.</p> iommu/amd/pgtbl: Fix possible race while increase page table level <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39961 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.8 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 20412-17084 5.8 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-11T01:01:50 <p>Information published.</p> GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11495 Heap-based Buffer Overflow 20524-17086 20376-17086 20100-17086 20203-17086 19634-17084 18844-17084 20525-17086 20524-17086 20376-17086 20100-17086 20203-17086 19634-17084 18844-17084 20525-17086 Moderate 20524-17086 Moderate 20376-17086 Low 20100-17086 Moderate 20203-17086 Moderate 19634-17084 Moderate 18844-17084 Moderate 20525-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20524-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20376-17086 3.3 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20100-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20203-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19634-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 18844-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20525-17086 1.0 2025-10-11T01:02:13 <p>Information published.</p> GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11413 Out-of-bounds Read 20376-17086 20525-17086 20524-17086 20203-17086 19634-17084 20376-17086 20525-17086 20524-17086 20203-17086 19634-17084 Moderate 20376-17086 Moderate 20525-17086 Moderate 20524-17086 Moderate 20203-17086 Moderate 19634-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20376-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20525-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20524-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20203-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19634-17084 1.0 2025-10-11T01:02:24 <p>Information published.</p> GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11414 Out-of-bounds Read 20525-17086 20599-17086 20618-17084 20376-17086 20203-17086 19634-17084 20524-17086 20568-17084 20598-17086 20525-17086 20599-17086 20618-17084 20376-17086 20203-17086 19634-17084 20524-17086 20568-17084 20598-17086 Moderate 20525-17086 Moderate 20599-17086 Low 20618-17084 Moderate 20376-17086 Moderate 20203-17086 Low 19634-17084 Moderate 20524-17086 Low 20568-17084 Moderate 20598-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20525-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20599-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20618-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20376-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20203-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19634-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20524-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20568-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20598-17086 CBL-Mariner Releases 20525-17086 No Security Update 2.37-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20525-17086 CBL-Mariner Releases CBL-Mariner Releases 20599-17086 No Security Update 2.37-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20599-17086 CBL-Mariner Releases CBL-Mariner Releases 20618-17084 20568-17084 No Security Update 2.41-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20618-17084 20568-17084 CBL-Mariner Releases CBL-Mariner Releases 20524-17086 20598-17086 No Security Update 11.2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20524-17086 20598-17086 CBL-Mariner Releases 1.0 2025-10-11T01:02:35 <p>Information published.</p> xfrm: xfrm_alloc_spi shouldn't use 0 as SPI <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39965 20551-17084 20553-17084 20551-17084 20553-17084 Moderate 20551-17084 Moderate 20553-17084 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 20551-17084 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-15T01:01:28 <p>Information published.</p> crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39964 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-15T01:01:33 <p>Information published.</p> fbcon: fix integer overflow in fbcon_do_set_font <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39967 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:01:26 <p>Information published.</p> i40e: fix input validation logic for action_meta <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39970 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:01:31 <p>Information published.</p> can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39985 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:01:37 <p>Information published.</p> i40e: add validation for ring_len param <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39973 20412-17084 20553-17084 20412-17084 20553-17084 Critical 20412-17084 Critical 20553-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:02:16 <p>Information published.</p> media: rc: fix races with imon_disconnect() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39993 20412-17084 20412-17084 Important 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 1.0 2025-10-16T01:02:22 <p>Information published.</p> bpf: Check the helper function is valid in get_helper_proto <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39990 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 21332-17084 20553-17084 20956-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 21332-17084 20553-17084 20956-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21344-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21094-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21248-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21332-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20956-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21308-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21344-17084 2.0 2025-12-07T01:38:28 <p>Information published.</p> 3.0 2026-01-08T14:49:29 <p>Information published.</p> 4.0 2026-01-20T14:44:31 <p>Information published.</p> 5.0 2026-02-18T15:01:37 <p>Information published.</p> 6.0 2026-03-04T14:40:30 <p>Information published.</p> 7.0 2026-03-31T14:40:34 <p>Information published.</p> 8.0 2026-04-29T14:46:03 <p>Information published.</p> 1.0 2025-10-16T01:03:00 <p>Information published.</p> 9.0 2026-05-06T14:41:18 <p>Information published.</p> 10.0 2026-05-11T01:40:13 <p>Information published.</p> 11.0 2026-05-17T14:41:05 <p>Information published.</p> Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39982 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-16T01:03:06 <p>Information published.</p> Squid vulnerable to information disclosure via authentication credential leakage in error handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-62168 Generation of Error Message Containing Sensitive Information 20164-17084 20565-17084 20164-17084 20565-17084 Critical 20164-17084 Critical 20565-17084 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 20164-17084 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 20565-17084 CBL-Mariner Releases 20164-17084 20565-17084 No Security Update 6.13-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20164-17084 20565-17084 CBL-Mariner Releases 1.0 2025-10-19T01:01:13 <p>Information published.</p> XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-31573 Incorrect Resource Transfer Between Spheres 20189-17086 19822-17084 20189-17086 19822-17084 Moderate 20189-17086 Moderate 19822-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 20189-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 19822-17084 1.0 2025-10-19T01:01:21 <p>Information published.</p> net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40003 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20860-17084 20956-17084 21094-17084 20823-17084 21248-17084 21308-17084 21332-17084 21344-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20860-17084 20956-17084 21094-17084 20823-17084 21248-17084 21308-17084 21332-17084 21344-17084 Important 20412-17084 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20860-17084 Important 20956-17084 Important 21094-17084 Important 20823-17084 Important 21248-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20788-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20860-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20956-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21094-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20823-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21248-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21308-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21332-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21344-17084 1.0 2025-10-19T01:01:44 <p>Information published.</p> 2.0 2025-12-07T01:38:38 <p>Information published.</p> 3.0 2026-01-08T14:49:37 <p>Information published.</p> 4.0 2026-01-20T14:44:42 <p>Information published.</p> 6.0 2026-03-04T14:40:38 <p>Information published.</p> 7.0 2026-03-31T14:43:30 <p>Information published.</p> 8.0 2026-04-29T14:46:17 <p>Information published.</p> 5.0 2026-02-18T15:04:08 <p>Information published.</p> 9.0 2026-05-06T14:41:27 <p>Information published.</p> 10.0 2026-05-11T01:40:22 <p>Information published.</p> 11.0 2026-05-17T14:41:16 <p>Information published.</p> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40001 20412-17084 20553-17084 20613-17084 20412-17084 20553-17084 20613-17084 Important 20412-17084 Important 20553-17084 Important 20613-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-10-19T01:01:49 <p>Information published.</p> 2.0 2025-12-07T01:38:50 <p>Information published.</p> spi: cadence-quadspi: Implement refcount to handle unbind during busy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40005 20613-17084 20823-17084 20860-17084 20925-17086 21093-17086 20412-17084 20553-17084 20725-17084 20788-17084 17087-17086 20613-17084 20823-17084 20860-17084 20925-17086 21093-17086 20412-17084 20553-17084 20725-17084 20788-17084 17087-17086 Moderate 20613-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 17087-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20613-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20823-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20412-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20553-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20725-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 2.0 2025-12-07T01:39:00 <p>Information published.</p> 5.0 2026-02-18T15:04:55 <p>Information published.</p> 6.0 2026-02-27T14:36:16 <p>Information published.</p> 7.0 2026-02-28T01:01:27 <p>Information published.</p> 9.0 2026-03-02T14:36:31 <p>Information published.</p> 10.0 2026-03-03T14:56:59 <p>Information published.</p> 1.0 2025-10-22T01:01:31 <p>Information published.</p> 3.0 2026-01-08T14:49:45 <p>Information published.</p> 4.0 2026-01-20T14:44:52 <p>Information published.</p> 8.0 2026-02-28T01:36:48 <p>Information published.</p> 11.0 2026-03-31T15:16:12 <p>Information published.</p> afs: Fix potential null pointer dereference in afs_put_server <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40010 20553-17084 20412-17084 20553-17084 20412-17084 Moderate 20553-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-10-22T01:01:41 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53042 Uncontrolled Resource Consumption 19570-17086 20440-17084 19570-17086 20440-17084 Moderate 19570-17086 Moderate 20440-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20440-17084 CBL-Mariner Releases 19570-17086 20440-17084 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19570-17086 20440-17084 CBL-Mariner Releases 1.0 2025-10-23T01:05:53 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53040 Uncontrolled Resource Consumption 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20440-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-17086 CBL-Mariner Releases 20440-17084 19570-17086 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 19570-17086 CBL-Mariner Releases 1.0 2025-10-23T01:06:07 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53062 Uncontrolled Resource Consumption 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20440-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-17086 CBL-Mariner Releases 20440-17084 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 CBL-Mariner Releases 1.0 2025-10-23T01:06:15 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53053 Uncontrolled Resource Consumption 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 20440-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19570-17086 CBL-Mariner Releases 20440-17084 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 CBL-Mariner Releases 1.0 2025-10-23T01:06:22 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53069 Allocation of Resources Without Limits or Throttling 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20440-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-17086 CBL-Mariner Releases 20440-17084 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 CBL-Mariner Releases 1.0 2025-10-23T01:06:30 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53045 Uncontrolled Resource Consumption 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20440-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19570-17086 CBL-Mariner Releases 20440-17084 19570-17086 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 19570-17086 CBL-Mariner Releases 1.0 2025-10-23T01:06:38 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-53054 Uncontrolled Resource Consumption 20440-17084 19570-17086 20440-17084 19570-17086 Moderate 20440-17084 Moderate 19570-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 20440-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19570-17086 CBL-Mariner Releases 20440-17084 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20440-17084 CBL-Mariner Releases 1.0 2025-10-23T01:06:45 <p>Information published.</p> LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-62813 Improper Neutralization of Null Byte or NUL Character 20592-17086 20610-17086 20619-17084 20620-17084 20744-17084 20586-17084 20440-17084 19570-17086 20609-17086 20822-17084 20592-17086 20610-17086 20619-17084 20620-17084 20744-17084 20586-17084 20440-17084 19570-17086 20609-17086 20822-17084 Moderate 20592-17086 Moderate 20610-17086 Moderate 20619-17084 Moderate 20620-17084 Moderate 20744-17084 Moderate 20586-17084 Moderate 20440-17084 Moderate 19570-17086 Moderate 20609-17086 Moderate 20822-17084 5.9 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 20592-17086 5.9 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 20610-17086 5.9 5.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U 20619-17084 5.9 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 20620-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20744-17084 5.9 5.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U 20586-17084 5.9 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 20440-17084 5.9 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 19570-17086 5.9 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 20609-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20822-17084 CBL-Mariner Releases 20592-17086 20619-17084 20586-17084 20609-17086 No Security Update 1.9.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20592-17086 20619-17084 20586-17084 20609-17086 CBL-Mariner Releases CBL-Mariner Releases 20610-17086 20620-17084 20440-17084 19570-17086 No Security Update 8.0.44-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20610-17086 20620-17084 20440-17084 19570-17086 CBL-Mariner Releases 2.0 2026-01-20T01:01:40 <p>Information published.</p> 3.0 2026-01-21T01:43:26 <p>Information published.</p> 1.0 2025-10-24T01:02:42 <p>Information published.</p> Cache poisoning attacks with unsolicited RRs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2025-40778 Acceptance of Extraneous Untrusted Data With Trusted Data 20621-17084 20589-17086 20336-17084 20621-17084 20589-17086 20336-17084 Important 20621-17084 Important 20589-17086 Important 20336-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 20621-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 20589-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 20336-17084 CBL-Mariner Releases 20589-17086 No Security Update 9.16.50-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20589-17086 CBL-Mariner Releases 2.0 2025-11-25T01:38:19 <p>Information published.</p> 1.0 2025-10-25T01:01:20 <p>Information published.</p> Resource exhaustion via malformed DNSKEY handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2025-8677 Asymmetric Resource Consumption (Amplification) 20621-17084 20589-17086 20336-17084 20621-17084 20589-17086 20336-17084 Important 20621-17084 Important 20589-17086 Important 20336-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20621-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20589-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20336-17084 CBL-Mariner Releases 20589-17086 No Security Update 9.16.50-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20589-17086 CBL-Mariner Releases 2.0 2025-11-25T01:38:30 <p>Information published.</p> 1.0 2025-10-25T01:01:37 <p>Information published.</p> crypto: essiv - Check ssize for decryption and in-place encryption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40019 20613-17084 20553-17084 20613-17084 20553-17084 Moderate 20613-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:39:24 <p>Information published.</p> 1.0 2025-10-25T14:01:24 <p>Information published.</p> GNU Binutils prdbg.c tg_tag_type return value <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11839 Unchecked Return Value 20568-17084 20618-17084 20525-17086 20599-17086 20936-17086 21200-17084 20568-17084 20618-17084 20525-17086 20599-17086 20936-17086 21200-17084 Low 20568-17084 Low 20618-17084 Low 20525-17086 Low 20599-17086 Low 20936-17086 Low 21200-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20568-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20618-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20525-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20599-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20936-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 21200-17084 CBL-Mariner Releases 20618-17084 21200-17084 No Security Update 2.41-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20618-17084 21200-17084 CBL-Mariner Releases CBL-Mariner Releases 20599-17086 20936-17086 No Security Update 2.37-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20599-17086 20936-17086 CBL-Mariner Releases 2.0 2026-02-19T01:41:34 <p>Information published.</p> 3.0 2026-03-03T14:40:04 <p>Information published.</p> 4.0 2026-04-14T01:37:48 <p>Information published.</p> 1.0 2025-10-25T14:01:37 <p>Information published.</p> 5.0 2026-04-14T14:38:38 <p>Information published.</p> quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-59530 Reachable Assertion 20590-17084 20591-17086 20590-17084 20591-17086 Important 20590-17084 Important 20591-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20590-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20591-17086 CBL-Mariner Releases 20590-17084 No Security Update 1.11.4-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20590-17084 CBL-Mariner Releases CBL-Mariner Releases 20591-17086 No Security Update 1.11.1-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20591-17086 CBL-Mariner Releases 1.0 2025-10-25T14:01:47 <p>Information published.</p> vhost: Take a reference on the task in struct vhost_task. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40024 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-26T01:01:14 <p>Information published.</p> can: peak_usb: fix shift-out-of-bounds issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40020 20553-17084 20553-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-26T01:01:30 <p>Information published.</p> tracing: dynevent: Add a missing lockdown check on dynevent <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40021 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-26T01:01:36 <p>Information published.</p> KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40038 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 1.0 2025-10-29T01:01:49 <p>Information published.</p> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40042 20613-17084 20553-17084 20613-17084 20553-17084 Moderate 20613-17084 Moderate 20553-17084 4.7 4.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 4.7 4.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-10-29T01:01:54 <p>Information published.</p> 2.0 2025-12-07T01:39:37 <p>Information published.</p> bus: fsl-mc: Check return value of platform_get_resource() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40029 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:00 <p>Information published.</p> RDMA/rxe: Fix race in do_task() when draining <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40061 20553-17084 20553-17084 Moderate 20553-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:05 <p>Information published.</p> bpf: Explicitly check accesses to bpf_sock_addr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40078 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:11 <p>Information published.</p> fs: udf: fix OOB read in lengthAllocDescs handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40044 20553-17084 20553-17084 Moderate 20553-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:16 <p>Information published.</p> smb: client: fix crypto buffers in non-linear memory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40052 20553-17084 20553-17084 Moderate 20553-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:22 <p>Information published.</p> pinctrl: check the return value of pinmux_ops::get_function_name() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40030 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:27 <p>Information published.</p> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40035 20553-17084 20553-17084 Moderate 20553-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:33 <p>Information published.</p> net: dlink: handle copy_thresh allocation failure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40053 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:38 <p>Information published.</p> ocfs2: fix double free in user_cluster_connect() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40055 20553-17084 20553-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 1.0 2025-10-29T01:02:49 <p>Information published.</p> vhost: vringh: Fix copy_to_iter return value check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40056 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:02:59 <p>Information published.</p> mm/ksm: fix flag-dropping behavior in ksm_madvise <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40040 20613-17084 17087-17086 20553-17084 20613-17084 17087-17086 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2025-12-07T01:39:48 <p>Information published.</p> 5.0 2026-03-03T14:57:39 <p>Information published.</p> 1.0 2025-10-29T01:03:05 <p>Information published.</p> 3.0 2026-02-28T01:01:37 <p>Information published.</p> 4.0 2026-03-02T14:36:41 <p>Information published.</p> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40026 20553-17084 20553-17084 Low 20553-17084 3.6 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U 20553-17084 1.0 2025-10-29T01:03:10 <p>Information published.</p> coresight: trbe: Return NULL pointer for allocation failures <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40060 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-29T01:03:16 <p>Information published.</p> nbd: restrict sockets to TCP and UDP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40080 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:03:21 <p>Information published.</p> PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40032 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-29T01:03:26 <p>Information published.</p> remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40033 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-29T01:03:37 <p>Information published.</p> ipv4: start using dst_dev_rcu() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40074 20613-17084 20725-17084 20823-17084 21094-17084 21248-17084 21332-17084 20553-17084 20788-17084 20860-17084 20956-17084 21308-17084 21344-17084 20613-17084 20725-17084 20823-17084 21094-17084 21248-17084 21332-17084 20553-17084 20788-17084 20860-17084 20956-17084 21308-17084 21344-17084 Important 20613-17084 Important 20725-17084 Important 20823-17084 Important 21094-17084 Important 21248-17084 Important 21332-17084 Important 20553-17084 Important 20788-17084 Important 20860-17084 Important 20956-17084 Important 21308-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21344-17084 2.0 2025-12-07T01:39:59 <p>Information published.</p> 4.0 2026-01-20T14:45:13 <p>Information published.</p> 5.0 2026-02-19T01:44:09 <p>Information published.</p> 6.0 2026-03-04T14:40:44 <p>Information published.</p> 7.0 2026-03-31T14:50:15 <p>Information published.</p> 8.0 2026-04-29T14:46:30 <p>Information published.</p> 10.0 2026-05-11T01:40:31 <p>Information published.</p> 1.0 2025-10-29T01:03:43 <p>Information published.</p> 3.0 2026-01-08T14:49:54 <p>Information published.</p> 9.0 2026-05-06T14:41:35 <p>Information published.</p> 11.0 2026-05-17T14:41:26 <p>Information published.</p> net: nfc: nci: Add parameter validation for packet data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40043 20553-17084 20553-17084 Moderate 20553-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 1.0 2025-10-29T01:03:54 <p>Information published.</p> ksmbd: Fix race condition in RPC handle list access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40039 20925-17086 21093-17086 20553-17084 17087-17086 20925-17086 21093-17086 20553-17084 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Important 20553-17084 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.0 2026-03-03T14:57:16 <p>Information published.</p> 5.0 2026-03-31T15:16:27 <p>Information published.</p> 1.0 2025-10-29T01:03:59 <p>Information published.</p> 2.0 2026-02-28T01:01:32 <p>Information published.</p> 3.0 2026-03-02T14:36:36 <p>Information published.</p> misc: fastrpc: fix possible map leak in fastrpc_put_args <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40036 20553-17084 20553-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 1.0 2025-10-29T01:04:04 <p>Information published.</p> uio_hv_generic: Let userspace take care of interrupt mask <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40048 20553-17084 20553-17084 Important 20553-17084 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:04:10 <p>Information published.</p> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40081 20553-17084 20553-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:04:15 <p>Information published.</p> Squashfs: fix uninit-value in squashfs_get_parent <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40049 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:04:20 <p>Information published.</p> GNU Binutils ldmisc.c vfinfo out-of-bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11840 Out-of-bounds Read 20525-17086 20568-17084 20599-17086 20525-17086 20568-17084 20599-17086 Low 20525-17086 Low 20568-17084 Low 20599-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20525-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20568-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20599-17086 1.0 2025-10-29T01:04:28 <p>Information published.</p> net/9p: fix double req put in p9_fd_cancelled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40027 20553-17084 20553-17084 Low 20553-17084 2.5 2.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:04:34 <p>Information published.</p> RISC-V: KVM: Write hgatp register with valid mode bits <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40065 20725-17084 20956-17084 21094-17084 21248-17084 20553-17084 20613-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 20725-17084 20956-17084 21094-17084 21248-17084 20553-17084 20613-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 Important 20725-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 20553-17084 Important 20613-17084 Important 20788-17084 Important 20823-17084 Important 20860-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21344-17084 2.0 2025-12-07T01:40:20 <p>Information published.</p> 4.0 2026-01-20T14:45:33 <p>Information published.</p> 8.0 2026-04-29T14:46:59 <p>Information published.</p> 1.0 2025-10-29T01:04:39 <p>Information published.</p> 3.0 2026-01-08T14:50:12 <p>Information published.</p> 5.0 2026-02-19T01:44:58 <p>Information published.</p> 6.0 2026-03-04T14:40:58 <p>Information published.</p> 7.0 2026-03-31T14:51:00 <p>Information published.</p> 9.0 2026-05-06T14:41:54 <p>Information published.</p> 10.0 2026-05-11T01:40:48 <p>Information published.</p> 11.0 2026-05-17T14:41:47 <p>Information published.</p> tcp_metrics: use dst_dev_net_rcu() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40075 20613-17084 20725-17084 20823-17084 20956-17084 21248-17084 21308-17084 20553-17084 20788-17084 20860-17084 21094-17084 21332-17084 21344-17084 20613-17084 20725-17084 20823-17084 20956-17084 21248-17084 21308-17084 20553-17084 20788-17084 20860-17084 21094-17084 21332-17084 21344-17084 Important 20613-17084 Important 20725-17084 Important 20823-17084 Important 20956-17084 Important 21248-17084 Important 21308-17084 Important 20553-17084 Important 20788-17084 Important 20860-17084 Important 21094-17084 Important 21332-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21344-17084 3.0 2026-01-08T14:50:20 <p>Information published.</p> 4.0 2026-01-20T14:45:44 <p>Information published.</p> 7.0 2026-03-31T14:51:25 <p>Information published.</p> 8.0 2026-04-29T14:47:12 <p>Information published.</p> 1.0 2025-10-29T01:04:44 <p>Information published.</p> 2.0 2025-12-07T01:40:31 <p>Information published.</p> 5.0 2026-02-21T03:27:52 <p>Information published.</p> 6.0 2026-03-04T14:41:05 <p>Information published.</p> 9.0 2026-05-06T14:42:02 <p>Information published.</p> 10.0 2026-05-11T01:40:57 <p>Information published.</p> 11.0 2026-05-17T14:41:57 <p>Information published.</p> ptp: Add a upper bound on max_vclocks <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40057 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20553-17084 20860-17084 21308-17084 21332-17084 21344-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20553-17084 20860-17084 21308-17084 21332-17084 21344-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20823-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 20553-17084 Important 20860-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21344-17084 2.0 2025-12-07T01:40:40 <p>Information published.</p> 3.0 2026-01-08T14:50:28 <p>Information published.</p> 4.0 2026-01-20T14:45:54 <p>Information published.</p> 7.0 2026-03-31T14:51:50 <p>Information published.</p> 8.0 2026-04-29T14:47:25 <p>Information published.</p> 10.0 2026-05-11T01:41:05 <p>Information published.</p> 1.0 2025-10-29T01:04:50 <p>Information published.</p> 5.0 2026-02-21T03:28:47 <p>Information published.</p> 6.0 2026-03-04T14:41:12 <p>Information published.</p> 9.0 2026-05-06T14:42:12 <p>Information published.</p> 11.0 2026-05-17T14:42:08 <p>Information published.</p> fs: ntfs3: Fix integer overflow in run_unpack() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40068 20553-17084 20553-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:04:55 <p>Information published.</p> riscv, bpf: Sign extend struct ops return values properly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40079 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-29T01:05:01 <p>Information published.</p> tty: n_gsm: Don't block input queue by waiting MSC <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40071 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-10-29T01:05:06 <p>Information published.</p> Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-12058 Deserialization of Untrusted Data 20630-17084 20859-17084 21265-17084 20558-17084 20026-17086 20630-17084 20859-17084 21265-17084 20558-17084 20026-17086 Moderate 20630-17084 Moderate 20859-17084 Moderate 21265-17084 Moderate 20558-17084 Moderate 20026-17086 1.0 2025-10-31T01:03:15 <p>Information published.</p> 3.0 2026-04-29T14:47:39 <p>Information published.</p> 2.0 2026-02-18T01:52:30 <p>Information published.</p> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40085 20553-17084 20613-17084 20553-17084 20613-17084 Moderate 20553-17084 Moderate 20613-17084 5.8 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 20553-17084 5.8 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-10-31T01:03:31 <p>Information published.</p> 2.0 2025-12-07T01:41:15 <p>Information published.</p> Unbounded allocation when parsing GNU sparse map in archive/tar <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-58183 20522-17086 19792-17086 20581-17084 20523-17086 19712-17086 17793-17084 20539-17086 19693-17084 17667-17084 20597-17086 20709-17084 20738-17084 20707-17084 20740-17084 20742-17084 20863-17084 20973-17084 21051-17084 21113-17084 20536-17086 18447-17086 20519-17086 20387-17086 20595-17086 18315-17084 19613-17084 20074-17084 20596-17084 19729-17084 19668-17086 20583-17084 20699-17086 20700-17086 20701-17086 20702-17086 21203-17084 20522-17086 19792-17086 20581-17084 20523-17086 19712-17086 17793-17084 20539-17086 19693-17084 17667-17084 20597-17086 20709-17084 20738-17084 20707-17084 20740-17084 20742-17084 20863-17084 20973-17084 21051-17084 21113-17084 20536-17086 18447-17086 20519-17086 20387-17086 20595-17086 18315-17084 19613-17084 20074-17084 20596-17084 19729-17084 19668-17086 20583-17084 20699-17086 20700-17086 20701-17086 20702-17086 21203-17084 Moderate 20522-17086 Moderate 19792-17086 Moderate 20581-17084 Moderate 20523-17086 Moderate 19712-17086 Moderate 17793-17084 Moderate 20539-17086 Moderate 19693-17084 Moderate 17667-17084 Moderate 20597-17086 Moderate 20709-17084 Moderate 20738-17084 Moderate 20707-17084 Moderate 20740-17084 Moderate 20742-17084 Moderate 20863-17084 Moderate 20973-17084 Moderate 21051-17084 Moderate 21113-17084 Moderate 20536-17086 Moderate 18447-17086 Moderate 20519-17086 Moderate 20387-17086 Moderate 20595-17086 Moderate 18315-17084 Moderate 19613-17084 Moderate 20074-17084 Moderate 20596-17084 Moderate 19729-17084 Moderate 19668-17086 Moderate 20583-17084 Moderate 20699-17086 Moderate 20700-17086 Moderate 20701-17086 Moderate 20702-17086 Moderate 21203-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20522-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 19792-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20581-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 20523-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 19712-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 17793-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20539-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 19693-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 17667-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 20597-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20709-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20738-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20707-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20740-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20742-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20863-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 20973-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 21051-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 21113-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20536-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 18447-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20519-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20387-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20595-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20074-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 20596-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 19729-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 19668-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20583-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20699-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20700-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20701-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20702-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 21203-17084 CBL-Mariner Releases 20522-17086 20700-17086 No Security Update 1.22.3-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20522-17086 20700-17086 CBL-Mariner Releases CBL-Mariner Releases 20581-17084 20709-17084 No Security Update 1.57.0-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20581-17084 20709-17084 CBL-Mariner Releases CBL-Mariner Releases 20539-17086 20702-17086 No Security Update 1.14.2-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20539-17086 20702-17086 CBL-Mariner Releases CBL-Mariner Releases 20738-17084 19613-17084 No Security Update 2.62.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20738-17084 19613-17084 CBL-Mariner Releases CBL-Mariner Releases 20740-17084 19729-17084 No Security Update 25.0.3-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20740-17084 19729-17084 CBL-Mariner Releases CBL-Mariner Releases 20742-17084 20583-17084 No Security Update 1.14.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20742-17084 20583-17084 CBL-Mariner Releases CBL-Mariner Releases 20536-17086 20699-17086 No Security Update 1.55.0-26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20536-17086 20699-17086 CBL-Mariner Releases CBL-Mariner Releases 20595-17086 20701-17086 No Security Update 24.0.9-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20595-17086 20701-17086 CBL-Mariner Releases 1.0 2025-10-31T01:04:32 <p>Information published.</p> 2.0 2025-11-25T01:39:20 <p>Information published.</p> 3.0 2025-12-01T01:38:01 <p>Information published.</p> 4.0 2025-12-03T01:36:14 <p>Information published.</p> 6.0 2025-12-07T01:41:55 <p>Information published.</p> 8.0 2025-12-13T01:37:17 <p>Information published.</p> 9.0 2026-02-18T02:03:01 <p>Information published.</p> 11.0 2026-03-12T01:36:32 <p>Information published.</p> 5.0 2025-12-06T14:38:33 <p>Information published.</p> 7.0 2025-12-12T01:36:52 <p>Information published.</p> 10.0 2026-03-04T14:41:19 <p>Information published.</p> 12.0 2026-03-31T14:57:11 <p>Information published.</p> 13.0 2026-04-14T14:38:44 <p>Information published.</p> Excessive CPU consumption in ParseAddress in net/mail <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-61725 20387-17086 18315-17084 19712-17086 20596-17084 19668-17086 17667-17084 20597-17086 20707-17084 20863-17084 20973-17084 21051-17084 21113-17084 18447-17086 20519-17086 20523-17086 20074-17084 19693-17084 21203-17084 20387-17086 18315-17084 19712-17086 20596-17084 19668-17086 17667-17084 20597-17086 20707-17084 20863-17084 20973-17084 21051-17084 21113-17084 18447-17086 20519-17086 20523-17086 20074-17084 19693-17084 21203-17084 Moderate 20387-17086 Moderate 18315-17084 Moderate 19712-17086 Moderate 20596-17084 Moderate 19668-17086 Moderate 17667-17084 Moderate 20597-17086 Important 20707-17084 Important 20863-17084 Important 20973-17084 Important 21051-17084 Important 21113-17084 Moderate 18447-17086 Moderate 20519-17086 Moderate 20523-17086 Moderate 20074-17084 Moderate 19693-17084 Important 21203-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20387-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19712-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20596-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19668-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17667-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20597-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20707-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20863-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20973-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21051-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21113-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18447-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20519-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20523-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20074-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21203-17084 3.0 2025-12-12T01:37:32 <p>Information published.</p> 6.0 2026-03-04T14:41:48 <p>Information published.</p> 7.0 2026-03-12T01:36:48 <p>Information published.</p> 8.0 2026-03-31T14:57:32 <p>Information published.</p> 1.0 2025-10-31T01:05:04 <p>Information published.</p> 2.0 2025-12-07T01:43:44 <p>Information published.</p> 4.0 2025-12-13T01:37:56 <p>Information published.</p> 5.0 2026-02-18T02:06:29 <p>Information published.</p> 9.0 2026-04-14T14:39:06 <p>Information published.</p> Insufficient validation of bracketed IPv6 hostnames in net/url <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-47912 20519-17086 20387-17086 20523-17086 18315-17084 20074-17084 19693-17084 20687-17086 20707-17084 20867-17086 20863-17084 18447-17086 19712-17086 20596-17084 19668-17086 17667-17084 20597-17086 20519-17086 20387-17086 20523-17086 18315-17084 20074-17084 19693-17084 20687-17086 20707-17084 20867-17086 20863-17084 18447-17086 19712-17086 20596-17084 19668-17086 17667-17084 20597-17086 Important 20519-17086 Important 20387-17086 Important 20523-17086 Important 18315-17084 Important 20074-17084 Important 19693-17084 Important 20687-17086 Moderate 20707-17084 Important 20867-17086 Moderate 20863-17084 Important 18447-17086 Important 19712-17086 Important 20596-17084 Important 19668-17086 Important 17667-17084 Important 20597-17086 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 20519-17086 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 20387-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 20523-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18315-17084 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 20074-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 19693-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 20687-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 20707-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 20867-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 20863-17084 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 18447-17086 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 19712-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 20596-17084 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 19668-17086 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 17667-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 20597-17086 1.0 2025-10-31T01:05:35 <p>Information published.</p> 2.0 2025-12-06T14:38:54 <p>Information published.</p> 3.0 2025-12-07T01:42:53 <p>Information published.</p> 4.0 2025-12-12T01:37:27 <p>Information published.</p> 5.0 2025-12-13T01:37:52 <p>Information published.</p> 6.0 2026-02-18T02:10:50 <p>Information published.</p> Lack of limit when parsing cookies can cause memory exhaustion in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-58186 18447-17086 20519-17086 18315-17084 20074-17084 19668-17086 17667-17084 20597-17086 20687-17086 20707-17084 20973-17084 21051-17084 21117-17086 20387-17086 20523-17086 20596-17084 19712-17086 19693-17084 20867-17086 20863-17084 20942-17086 21113-17084 21203-17084 18447-17086 20519-17086 18315-17084 20074-17084 19668-17086 17667-17084 20597-17086 20687-17086 20707-17084 20973-17084 21051-17084 21117-17086 20387-17086 20523-17086 20596-17084 19712-17086 19693-17084 20867-17086 20863-17084 20942-17086 21113-17084 21203-17084 Moderate 18447-17086 Moderate 20519-17086 Moderate 18315-17084 Moderate 20074-17084 Moderate 19668-17086 Moderate 17667-17084 Moderate 20597-17086 Moderate 20687-17086 Moderate 20707-17084 Moderate 20973-17084 Moderate 21051-17084 Moderate 21117-17086 Moderate 20387-17086 Moderate 20523-17086 Moderate 20596-17084 Moderate 19712-17086 Moderate 19693-17084 Moderate 20867-17086 Moderate 20863-17084 Moderate 20942-17086 Moderate 21113-17084 Moderate 21203-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18447-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20519-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18315-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20074-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19668-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20597-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20687-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20707-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20973-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21051-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21117-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20387-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20523-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20596-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19712-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20867-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20863-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20942-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21113-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21203-17084 3.0 2025-12-07T01:42:10 <p>Information published.</p> 5.0 2025-12-13T01:37:22 <p>Information published.</p> 6.0 2026-02-18T02:17:59 <p>Information published.</p> 7.0 2026-03-03T14:44:58 <p>Information published.</p> 8.0 2026-03-04T14:41:26 <p>Information published.</p> 9.0 2026-03-12T01:36:37 <p>Information published.</p> 10.0 2026-03-31T14:55:35 <p>Information published.</p> 11.0 2026-04-14T14:38:50 <p>Information published.</p> 1.0 2025-10-31T01:06:39 <p>Information published.</p> 2.0 2025-12-06T14:38:38 <p>Information published.</p> 4.0 2025-12-12T01:36:57 <p>Information published.</p> Excessive CPU consumption in Reader.ReadResponse in net/textproto <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-61724 20523-17086 19712-17086 19668-17086 19693-17084 17667-17084 20597-17086 20687-17086 20707-17084 20973-17084 21051-17084 21117-17086 21113-17084 18447-17086 20519-17086 20387-17086 18315-17084 20074-17084 20596-17084 20867-17086 20863-17084 20942-17086 21203-17084 20523-17086 19712-17086 19668-17086 19693-17084 17667-17084 20597-17086 20687-17086 20707-17084 20973-17084 21051-17084 21117-17086 21113-17084 18447-17086 20519-17086 20387-17086 18315-17084 20074-17084 20596-17084 20867-17086 20863-17084 20942-17086 21203-17084 Moderate 20523-17086 Moderate 19712-17086 Moderate 19668-17086 Moderate 19693-17084 Moderate 17667-17084 Moderate 20597-17086 Low 20687-17086 Moderate 20707-17084 Low 20973-17084 Low 21051-17084 Low 21117-17086 Low 21113-17084 Moderate 18447-17086 Moderate 20519-17086 Moderate 20387-17086 Moderate 18315-17084 Moderate 20074-17084 Moderate 20596-17084 Low 20867-17086 Low 20863-17084 Low 20942-17086 Low 21203-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20523-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19712-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19668-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19693-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 17667-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20597-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20687-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20707-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20973-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21051-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21117-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21113-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 18447-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20519-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20387-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 18315-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20074-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20596-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20867-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20863-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20942-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21203-17084 2.0 2025-12-06T14:39:04 <p>Information published.</p> 3.0 2025-12-07T01:43:23 <p>Information published.</p> 3.1 2025-12-08T14:35:10 <p>Information published.</p> 7.0 2026-03-03T14:45:34 <p>Information published.</p> 9.0 2026-03-12T01:36:43 <p>Information published.</p> 1.0 2025-10-31T01:07:11 <p>Information published.</p> 4.0 2025-12-12T01:37:01 <p>Information published.</p> 5.0 2025-12-13T01:37:27 <p>Information published.</p> 6.0 2026-02-18T02:21:43 <p>Information published.</p> 8.0 2026-03-04T14:41:33 <p>Information published.</p> 10.0 2026-03-31T14:56:46 <p>Information published.</p> 11.0 2026-04-14T14:38:55 <p>Information published.</p> Quadratic complexity when parsing some invalid inputs in encoding/pem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-61723 18447-17086 20523-17086 18315-17084 19712-17086 19668-17086 17667-17084 20597-17086 20707-17084 20519-17086 20387-17086 20074-17084 20596-17084 19693-17084 20687-17086 20867-17086 20863-17084 18447-17086 20523-17086 18315-17084 19712-17086 19668-17086 17667-17084 20597-17086 20707-17084 20519-17086 20387-17086 20074-17084 20596-17084 19693-17084 20687-17086 20867-17086 20863-17084 Important 18447-17086 Important 20523-17086 Important 18315-17084 Important 19712-17086 Important 19668-17086 Important 17667-17084 Important 20597-17086 Important 20707-17084 Important 20519-17086 Important 20387-17086 Important 20074-17084 Important 20596-17084 Important 19693-17084 Important 20687-17086 Important 20867-17086 Important 20863-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18447-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20523-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20597-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20707-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20519-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20387-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20074-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20596-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20687-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20867-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20863-17084 1.0 2025-10-31T01:07:43 <p>Information published.</p> 2.0 2025-12-06T14:38:49 <p>Information published.</p> 3.0 2025-12-07T01:42:39 <p>Information published.</p> 6.0 2026-02-18T02:25:18 <p>Information published.</p> 4.0 2025-12-12T01:37:12 <p>Information published.</p> 5.0 2025-12-13T01:37:37 <p>Information published.</p> Quadratic complexity when checking name constraints in crypto/x509 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-58187 18447-17086 19712-17086 17667-17084 20597-17086 20707-17084 20519-17086 20387-17086 20523-17086 18315-17084 20074-17084 20596-17084 19668-17086 19693-17084 20863-17084 18447-17086 19712-17086 17667-17084 20597-17086 20707-17084 20519-17086 20387-17086 20523-17086 18315-17084 20074-17084 20596-17084 19668-17086 19693-17084 20863-17084 Moderate 18447-17086 Moderate 19712-17086 Important 17667-17084 Moderate 20597-17086 Important 20707-17084 Moderate 20519-17086 Moderate 20387-17086 Moderate 20523-17086 Important 18315-17084 Moderate 20074-17084 Moderate 20596-17084 Moderate 19668-17086 Important 19693-17084 Important 20863-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18447-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20597-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20707-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20519-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20387-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20523-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20074-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20596-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20863-17084 1.0 2025-10-31T01:08:15 <p>Information published.</p> 2.0 2025-12-07T01:43:33 <p>Information published.</p> 3.0 2025-12-12T01:37:06 <p>Information published.</p> 4.0 2025-12-13T01:37:32 <p>Information published.</p> 5.0 2026-02-18T02:28:39 <p>Information published.</p> ALPN negotiation error contains attacker controlled information in crypto/tls <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-58189 20519-17086 20387-17086 20074-17084 19693-17084 17667-17084 18447-17086 20523-17086 18315-17084 19712-17086 20596-17084 19668-17086 20597-17086 20519-17086 20387-17086 20074-17084 19693-17084 17667-17084 18447-17086 20523-17086 18315-17084 19712-17086 20596-17084 19668-17086 20597-17086 Moderate 20519-17086 Moderate 20387-17086 Moderate 20074-17084 Moderate 19693-17084 Moderate 17667-17084 Moderate 18447-17086 Moderate 20523-17086 Moderate 18315-17084 Moderate 19712-17086 Moderate 20596-17084 Moderate 19668-17086 Moderate 20597-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20519-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20387-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20074-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 19693-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 17667-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 18447-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20523-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 18315-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 19712-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20596-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 19668-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20597-17086 1.0 2025-10-31T01:09:20 <p>Information published.</p> usb: gadget: f_rndis: Refactor bind path to use __free() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40095 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-31T01:09:26 <p>Information published.</p> ALSA: hda: Fix missing pointer check in hda_component_manager_init function <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40097 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-31T01:09:31 <p>Information published.</p> smb: client: Fix refcount leak for cifs_sb_tlink <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40103 20613-17084 20553-17084 20613-17084 20553-17084 Important 20613-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:44:07 <p>Information published.</p> 1.0 2025-10-31T01:09:42 <p>Information published.</p> NFSD: Define a proc_layoutcommit for the FlexFiles layout type <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40087 20553-17084 20613-17084 20553-17084 20613-17084 Moderate 20553-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-10-31T01:09:47 <p>Information published.</p> 2.0 2025-12-07T01:44:18 <p>Information published.</p> drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40096 20553-17084 20613-17084 20553-17084 20613-17084 Important 20553-17084 Important 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:44:30 <p>Information published.</p> 1.0 2025-10-31T01:09:53 <p>Information published.</p> KVM: arm64: Prevent access to vCPU events before init <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40102 20553-17084 20613-17084 20725-17084 20956-17084 21094-17084 21248-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 20553-17084 20613-17084 20725-17084 20956-17084 21094-17084 21248-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 20788-17084 Important 20823-17084 Important 20860-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21344-17084 4.0 2026-01-20T14:46:04 <p>Information published.</p> 5.0 2026-02-18T02:36:46 <p>Information published.</p> 6.0 2026-03-04T14:41:55 <p>Information published.</p> 7.0 2026-03-31T14:57:55 <p>Information published.</p> 8.0 2026-04-29T14:47:52 <p>Information published.</p> 9.0 2026-05-06T14:42:21 <p>Information published.</p> 10.0 2026-05-11T01:41:15 <p>Information published.</p> 1.0 2025-10-31T01:09:59 <p>Information published.</p> 2.0 2025-12-07T01:44:40 <p>Information published.</p> 3.0 2026-01-08T14:50:36 <p>Information published.</p> 11.0 2026-05-17T14:42:20 <p>Information published.</p> btrfs: do not assert we found block group item when creating free space tree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40100 20553-17084 20613-17084 20553-17084 20613-17084 Moderate 20553-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:44:51 <p>Information published.</p> 1.0 2025-10-31T01:10:04 <p>Information published.</p> ksmbd: fix recursive locking in RPC handle list access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40090 20553-17084 20553-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 1.0 2025-10-31T01:10:10 <p>Information published.</p> vfs: Don't leak disconnected dentries on umount <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40105 20613-17084 20553-17084 20613-17084 20553-17084 Important 20613-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:45:03 <p>Information published.</p> 1.0 2025-10-31T01:10:15 <p>Information published.</p> usb: gadget: f_ecm: Refactor bind path to use __free() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40093 20553-17084 20553-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 1.0 2025-10-31T01:10:21 <p>Information published.</p> usb: gadget: f_ncm: Refactor bind path to use __free() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40092 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-31T01:10:32 <p>Information published.</p> usb: gadget: f_acm: Refactor bind path to use __free() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40094 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-10-31T01:10:37 <p>Information published.</p> cifs: parse_dfs_referrals: prevent oob on malformed input <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40099 20613-17084 20553-17084 20613-17084 20553-17084 Moderate 20613-17084 Moderate 20553-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-07T01:45:14 <p>Information published.</p> 1.0 2025-10-31T01:10:42 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61106 NULL Pointer Dereference 20784-17086 20789-17084 20873-17086 20875-17084 19931-17086 19585-17084 20784-17086 20789-17084 20873-17086 20875-17084 19931-17086 19585-17084 Moderate 20784-17086 Moderate 20789-17084 Moderate 20873-17086 Moderate 20875-17084 Moderate 19931-17086 Moderate 19585-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20784-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20789-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20873-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20875-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19931-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19585-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 1.0 2025-10-31T01:10:59 <p>Information published.</p> 2.0 2026-01-03T01:38:02 <p>Information published.</p> 4.0 2026-02-18T02:40:55 <p>Information published.</p> 3.0 2026-01-08T14:35:31 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61105 NULL Pointer Dereference 20789-17084 20875-17084 19585-17084 20789-17084 20875-17084 19585-17084 Moderate 20789-17084 Moderate 20875-17084 Moderate 19585-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20789-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20875-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19585-17084 CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 3.0 2026-02-18T02:43:12 <p>Information published.</p> 1.0 2025-10-31T01:11:21 <p>Information published.</p> 2.0 2026-01-08T14:50:56 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61101 NULL Pointer Dereference 19931-17086 19585-17084 20784-17086 20873-17086 20789-17084 20875-17084 19931-17086 19585-17084 20784-17086 20873-17086 20789-17084 20875-17084 Important 19931-17086 Important 19585-17084 Important 20784-17086 Important 20873-17086 Important 20789-17084 Important 20875-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19931-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19585-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20784-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20873-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20789-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20875-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 1.0 2025-11-02T02:02:28 <p>Information published.</p> 2.0 2026-01-03T01:38:18 <p>Information published.</p> 3.0 2026-01-08T14:36:22 <p>Information published.</p> 4.0 2026-02-18T02:48:59 <p>Information published.</p> FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61104 NULL Pointer Dereference 19931-17086 19585-17084 20784-17086 20873-17086 20875-17084 20789-17084 19931-17086 19585-17084 20784-17086 20873-17086 20875-17084 20789-17084 Important 19931-17086 Important 19585-17084 Important 20784-17086 Important 20873-17086 Important 20875-17084 Important 20789-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19931-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19585-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20784-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20873-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20875-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20789-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 1.0 2025-11-02T02:02:44 <p>Information published.</p> 2.0 2026-01-03T01:38:28 <p>Information published.</p> 3.0 2026-01-08T14:36:01 <p>Information published.</p> 4.0 2026-02-18T02:50:40 <p>Information published.</p> Xorg: xwayland: use-after-free in xkb client resource removal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-62230 Use After Free 19615-17084 20749-17084 19615-17084 20749-17084 Important 19615-17084 Important 20749-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 19615-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 20749-17084 CBL-Mariner Releases 19615-17084 No Security Update 24.1.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19615-17084 CBL-Mariner Releases 1.0 2025-11-02T02:02:49 <p>Information published.</p> 2.0 2025-12-24T01:02:33 <p>Information published.</p> FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-61099 NULL Pointer Dereference 20784-17086 20789-17084 20873-17086 19931-17086 19585-17084 20875-17084 20784-17086 20789-17084 20873-17086 19931-17086 19585-17084 20875-17084 Important 20784-17086 Important 20789-17084 Important 20873-17086 Important 19931-17086 Important 19585-17084 Important 20875-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20784-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20789-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20873-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19931-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19585-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20875-17084 CBL-Mariner Releases 20873-17086 No Security Update 8.5.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20873-17086 CBL-Mariner Releases CBL-Mariner Releases 20875-17084 No Security Update 9.1.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20875-17084 CBL-Mariner Releases 1.0 2025-11-05T01:01:58 <p>Information published.</p> 2.0 2026-01-03T01:38:33 <p>Information published.</p> 3.0 2026-01-08T14:36:42 <p>Information published.</p> 4.0 2026-02-18T02:52:47 <p>Information published.</p> Libxslt: type confusion in exsltfuncresultcompfunction of libxslt Mariner redhat Yes CVE-2025-11731 Access of Resource Using Incompatible Type (&#39;Type Confusion&#39;) 20191-17086 17469-17084 20693-17086 20726-17084 20191-17086 17469-17084 20693-17086 20726-17084 Low 20191-17086 Low 17469-17084 Low 20693-17086 Low 20726-17084 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20191-17086 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 17469-17084 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20693-17086 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20726-17084 CBL-Mariner Releases 20191-17086 20693-17086 No Security Update 1.1.34-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20191-17086 20693-17086 CBL-Mariner Releases CBL-Mariner Releases 17469-17084 No Security Update 1.1.43-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17469-17084 CBL-Mariner Releases CBL-Mariner Releases 20726-17084 No Security Update 1.1.43-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20726-17084 CBL-Mariner Releases 1.0 2025-11-21T01:04:16 <p>Information published.</p> 2.0 2025-12-05T01:36:30 <p>Information published.</p> 3.0 2025-12-06T14:40:19 <p>Information published.</p> 4.0 2025-12-07T01:38:20 <p>Information published.</p> net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open() Mariner Linux Yes CVE-2022-50461 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-01-20T14:46:01 <p>Information published.</p> 3.0 2026-02-18T14:51:22 <p>Information published.</p> 1.0 2026-01-18T01:01:29 <p>Information published.</p> scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID Mariner Linux Yes CVE-2022-50467 NULL Pointer Dereference 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-03-03T14:54:03 <p>Information published.</p> 4.0 2026-03-31T15:11:04 <p>Information published.</p> 1.0 2026-01-18T01:01:39 <p>Information published.</p> 2.0 2026-01-19T14:36:50 <p>Information published.</p> wifi: rtw88: fix memory leak in rtw_usb_probe() Mariner Linux Yes CVE-2023-53460 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-02-18T14:52:29 <p>Information published.</p> 1.0 2026-01-18T01:01:44 <p>Information published.</p> 2.0 2026-01-19T14:36:55 <p>Information published.</p> netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm Mariner Linux Yes CVE-2025-39894 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-20T14:47:46 <p>Information published.</p> 1.0 2026-01-18T01:04:08 <p>Information published.</p> 3.0 2026-02-24T14:41:23 <p>Information published.</p> wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit Mariner Linux Yes CVE-2023-53466 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2026-01-21T01:03:15 <p>Information published.</p> 2.0 2026-02-18T15:01:35 <p>Information published.</p> vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check Mariner Linux Yes CVE-2023-53543 Out-of-bounds Write 21093-17086 20925-17086 21093-17086 20925-17086 Important 21093-17086 Important 20925-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21093-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20925-17086 2.0 2026-03-31T15:15:22 <p>Information published.</p> 1.0 2026-02-25T01:03:25 <p>Information published.</p> Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability <p>Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could an attacker gain with successful exploitation?</strong></p> <p>An attacker who successfully exploited the vulnerability could elevate their privileges as ‘NT AUTHORITY\SYSTEM’ user and perform arbitrary code execution.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers should update their Azure Connected Machine Agent to the latest version. For more information, see <a href="https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes">What's new with Azure Connected Machine agent</a>.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) and privileges required is low (PR:L). What does this mean in the context of this elevation of privilege vulnerability?</strong></p> <p>An attacker needs to be authorized as a standard user on the localhost to execute this attack. They could then elevate their privileges to perform unauthorized operations.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.</p> Azure Connected Machine Agent Microsoft Yes CVE-2025-47989 Improper Access Control 20516 Elevation of Privilege 20516 Important 20516 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20516 Release Notes https://gbl.his.arc.azure.com/azcmagent/1.57/AzureConnectedMachineAgent.msi 20516 No Security Update 1.57 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-157---october-2025 20516 Release Notes Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent#install-a-specific-version-of-the-agent 20516 No Security Update 1.57 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-157---october-2025 20516 Release Notes Sharan Patil with <a href="https://consulting.withsecure.com/">WithSecure Consulting</a> 1.1 2025-10-15T07:00:00 <p>Affected software updated with new package information.</p> 1.0 2025-10-14T07:00:00 <p>Information published.</p> AMD CVE-2025-0033: RMP Corruption During SNP Initialization <p>Microsoft is aware of <a href="http://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html">AMD-SB-3020 | CVE-2025-0033</a> disclosed by AMD on October 13, 2025.</p> <p>CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit.</p> <p>Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts.</p> <p><strong>When will an update be available to address this vulnerability?</strong></p> <p>Updates to mitigate this vulnerability in Azure Confidential Computing's (ACC) AMD-based clusters are being developed but are not yet complete. Once complete, the updates with be deployed across all AMD-based infrastructure and customers will be notified via <a href="http://https://docs.azure.cn/en-us/service-health/service-health-portal-update">Azure Service Health Alerts </a> if they are required to reboot their ACC resources. The Security Updates table for this CVE will be updated immediately upon availability of the mitigated versions for any affected ACC product SKUs.</p> <p>Additionally, customers who have <a href="http://https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">subscribed</a> to the Security Update Guide will be notified when this CVE is revised to indicate updates are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE.</p> AMD Restricted Memory Page AMD Yes CVE-2025-0033 20548 20546 20549 20550 20552 Remote Code Execution 20548 Remote Code Execution 20546 Remote Code Execution 20549 Remote Code Execution 20550 Remote Code Execution 20552 Critical 20548 Critical 20546 Critical 20549 Critical 20550 Critical 20552 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20548 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20546 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20549 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20550 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20552 Benedict Schlueter, Supraja Sridhara, and Shweta Shinde from ETH Zurich 1.0 2025-10-13T07:00:00 <p>Information published.</p> 1.1 2025-10-15T07:00:00 <p>Corrected security updates table. This is an informational change only.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-48004 Use After Free 20438 20437 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 hazard Bryan Gonzalez, Ocelot Team @ Metabase Q 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Device Association Broker Service Elevation of Privilege Vulnerability <p>Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> Windows Device Association Broker service Microsoft Yes CVE-2025-50174 Use After Free 20437 20438 12437 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20437 20438 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> <a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p>Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would be able to take over the mailboxes of all Exchange users, read emails, download attachments.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-53782 Incorrect Implementation of Authentication Algorithm 12502 12293 16792 12039 Elevation of Privilege 12502 Elevation of Privilege 12293 Elevation of Privilege 16792 Elevation of Privilege 12039 Important 12502 Important 12293 Important 16792 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12502 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16792 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5066367 https://www.microsoft.com/en-us/download/details.aspx?id=108419 5063221 12502 Yes Security Update 15.02.1748.039 https://support.microsoft.com/help/5066367 12502 5066367 5066368 https://www.microsoft.com/en-us/download/details.aspx?id=108421 5063222 12293 Yes Security Update 15.02.1544.036 https://support.microsoft.com/help/5066368 12293 5066368 5066366 https://www.microsoft.com/en-us/download/details.aspx?id=108422 5063224 16792 Yes Security Update 15.02.2562.029 https://support.microsoft.com/help/5066366 16792 5066366 5066369 https://www.microsoft.com/en-us/download/details.aspx?id=108420 5063223 12039 Yes Security Update 15.01.2507.061 https://support.microsoft.com/help/5066369 12039 5066369 <a href="https://github.com/zcgonvh">zcgonvh&#39;s cat Vanilla</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> .NET Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could place a malicious file in the core project path and then wait for a user with admin privileges to create or build a .NET project to gain elevated privileges.</p> .NET Microsoft Yes CVE-2025-55247 Improper Link Resolution Before File Access ('Link Following') 12415 12432 Elevation of Privilege 12415 Elevation of Privilege 12432 Important 12415 Important 12432 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12415 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12432 5068331 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12415 Maybe Security Update 8.0.21 https://support.microsoft.com/help/5068331 12415 5068331 5068332 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12432 Maybe Security Update 9.0.10 https://support.microsoft.com/help/5068332 12432 5068332 1.0 2025-10-14T07:00:00 <p>Information published.</p> ASP.NET Security Feature Bypass Vulnerability <p>Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker could exploit the vulnerability by sending a malicious http request to the web server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information such as other user's credentials (Confidentiality) and make changes to file contents on the target server (Integrity), and they might be able to force a crash within the server (Availability).</p> <p><strong>What should I do to make sure my ASP.NET Core application is protected?</strong></p> <ul> <li><p>If you are running .NET 8 or later install the .NET update from Microsoft Update, then restart your application or reboot the machine.</p> </li> <li><p>If you are running .NET 2.3 you must update the package reference for Microsoft.AspNet.Server.Kestrel.Core to 2.3.6, then recompile your application and redeploy.</p> </li> <li><p>If you are running a self-contained/single-file application, install the .NET update, recompile your application and redeploy.</p> </li> </ul> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could smuggle another HTTP request and bypass front-end security controls or hijack other users' credentials.</p> <p><strong>This vulnerability is rated as an Important, Security Feature Bypass that is less likely to be exploited. Why is the CVSS score 9.9 out of 10?</strong></p> <p>ASP.NET Core is a framework. CVSS scores applications. This mismatch makes scoring ASP.NET challenging. In situations like this, it is Microsoft's standard practice to score the worst possible case scenario for any application written using ASP.NET Core. &quot;Exploitation less likely&quot; refers to a more typical application which doesn't go outside the typical ASP.NET Core uses.</p> <p>The vulnerability in ASP.NET Core allows HTTP request smuggling. This is a security feature bypass that can affect how your application enforces authentication, authorization, and other critical security checks. The vulnerability allows attackers to craft a request that hides another request inside it. Depending on how your app processes requests, this could lead to:</p> <ul> <li>Elevation of privilege (EOP) — impersonating another user</li> <li>Server-side request forgery (SSRF) — making internal requests</li> <li>Cross-site request forgery (CSRF) bypass</li> <li>Injection attacks — bypassing input validation</li> </ul> <p>These are serious risks, especially for applications handling sensitive data or operating in regulated environments.</p> <p>While not every app is vulnerable, the scoring reflects the worst-case scenario—a standard practice in CVSS to ensure customers take action.</p> ASP.NET Core Microsoft Yes CVE-2025-55315 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 12256 12507 20518 12459 12322 16767 Security Feature Bypass 12256 Security Feature Bypass 12507 Security Feature Bypass 20518 Security Feature Bypass 12459 Security Feature Bypass 12322 Security Feature Bypass 16767 Important 12256 Important 12507 Important 20518 Important 12459 Important 12322 Important 16767 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 12256 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 12507 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 20518 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 12459 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 12322 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 16767 5068331 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12256 Maybe Security Update 8.0.21 https://support.microsoft.com/help/5068331 12256 5068331 5068332 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12507 Maybe Security Update 9.0.10 https://support.microsoft.com/help/5068332 12507 5068332 Release Notes https://github.com/dotnet/aspnetcore/issues/64033 20518 Maybe Security Update 2.3.6 https://github.com/dotnet/aspnetcore/issues/64033 20518 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.20 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Sid 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2025-10-22T07:00:00 <p>Added an FAQ to explain the disparity between the Important severity, the exploitability assessment of &quot;less likely to be exploited&quot;, and the high CVSS3.1 score of 9.9 out of 10.</p> Windows Agere Modem Driver Elevation of Privilege Vulnerability <p>Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.</p> <p><strong>Fax modem hardware dependent on this specific driver will no longer work on Windows.</strong></p> <p>Microsoft recommends removing any existing dependencies on this hardware.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>Is the vulnerability only exploitable if the Agere Modem is actively being used?</strong></p> <p>No. All supported versions of Windows can be affected by a successful exploitation of this vulnerability, even if the modem is not actively being used.</p> Agere Windows Modem Driver Microsoft Yes CVE-2025-24990 Untrusted Pointer Dereference 20438 11569 11571 11572 11923 11924 11931 12086 12097 12437 12243 12244 12390 12436 10735 10853 10816 10855 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12086 Important 12097 Important 12437 Important 12243 Important 12244 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20438 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20438 12437 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11931 12097 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://x.com/shitsecure">Fabian Mosch</a> with <a href="https://www.r-tec.net/">r-tec IT Security GmbH</a> <a href="https://x.com/0xLegacyy">Jordan Jay </a> Anonymous MSTIC MSTIC <a href="https://x.com/shitsecure">Fabian Mosch</a> with <a href="https://www.r-tec.net/">r-tec IT Security GmbH</a> <a href="https://x.com/0xLegacyy">Jordan Jay </a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Agere Modem Driver Elevation of Privilege Vulnerability <p>Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.</p> <p><strong>Fax modem hardware dependent on this specific driver will no longer work on Windows.</strong></p> <p>Microsoft recommends removing any existing dependencies on this hardware.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>Is the vulnerability only exploitable if the Agere Modem is actively being used?</strong></p> <p>No. All supported versions of Windows can be affected by a successful exploitation of this vulnerability, even if the modem is not actively being used.</p> Agere Windows Modem Driver Microsoft Yes CVE-2025-24052 Stack-based Buffer Overflow 20438 11569 11571 11572 11923 11924 11931 12086 12097 12437 12243 12244 12390 12436 10735 10853 10816 10855 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12086 Important 12097 Important 12437 Important 12243 Important 12244 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 20438 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12437 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12243 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12244 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12390 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12436 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20438 12437 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11931 12097 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Configuration Manager Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain sysadmin privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by injecting malicious SQL into the SyncToken method, allowing execution of arbitrary queries as the SMS service.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Microsoft Configuration Manager Microsoft Yes CVE-2025-55320 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 16788 12402 20545 Elevation of Privilege 16788 Elevation of Privilege 12402 Elevation of Privilege 20545 Important 16788 Important 12402 Important 20545 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16788 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12402 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20545 Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32480179 16788 Maybe Security Update 5.00.9135.1008 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/34503790 16788 Release Notes Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2403/28204160 12402 Maybe Security Update 5.00.9128.1035 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/34503790 12402 Release Notes Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/30385346 20545 Maybe Security Update 5.00.9132.1029 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/34503790 20545 Release Notes <a href="https://x.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a> <a href="https://x.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2025-10-17T07:00:00 <p>The score for this vulnerability has been updated to reflect a change in score in the** Attack Vector **metric from <strong>Local</strong> to <strong>Adjacent</strong>.</p> Windows Storage Management Provider Information Disclosure Vulnerability <p>Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Storage Management Provider Microsoft Yes CVE-2025-55325 Buffer Over-read 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 nerty_nerty(Ingyu Yang), Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan <a href="https://x.com/hpy_insu">insu</a> with Theori Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-55333 Incomplete Comparison with Missing Factors 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows NTFS Elevation of Privilege Vulnerability <p>Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTFS Microsoft Yes CVE-2025-55335 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 20438 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 Bruno Botelho 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-55336 Exposure of Sensitive Information to an Unauthorized Actor 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-55338 Missing Ability to Patch ROM Code 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Netanel Ben Simon with Microsoft (STORM) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Network Driver Interface Specification (NDIS) Driver Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NDIS Microsoft Yes CVE-2025-55339 Out-of-bounds Read 20438 20437 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Remote Desktop Protocol Security Feature Bypass <p>Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires multiple conditions to be met. The attacker must have access to a user's machine and the user must have initiated an RDP session. The attack must also be carried out within a certain amount of time from the initiation of the RDP session.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to bypass RDP authentication.</p> Windows Remote Desktop Protocol Microsoft Yes CVE-2025-55340 Improper Authentication 20438 20437 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20438 Important 20437 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Toaster 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows USB Video Class System Driver Information Disclosure Vulnerability <p>Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows USB Video Driver Microsoft Yes CVE-2025-55676 Generation of Error Message Containing Sensitive Information 20438 20437 12437 12389 12390 12436 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 12437 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a>, and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2025-10-23T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Device Association Broker Service Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> Windows Device Association Broker service Microsoft Yes CVE-2025-55677 Untrusted Pointer Dereference 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 Hwiwon Lee (hwiwonl), SEC-agent team <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Desktop Window Manager Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to manipulate system operations in a specific manner.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Microsoft Yes CVE-2025-55681 Out-of-bounds Read Untrusted Pointer Dereference 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://twitter.com/securiteam_ssd">TyphoonPWN Windows PE Winner</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55685 Use After Free 20438 20437 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55686 Use After Free 20438 20437 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2025-55687 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 20438 20437 11568 11569 11572 11571 11923 11924 11929 11931 11930 12085 12086 12097 12099 12098 12437 12242 12243 12244 12389 12390 12436 10816 10853 10735 10855 10729 10852 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11572 Elevation of Privilege 11571 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11931 Elevation of Privilege 11930 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12099 Elevation of Privilege 12098 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10816 Elevation of Privilege 10853 Elevation of Privilege 10735 Elevation of Privilege 10855 Elevation of Privilege 10729 Elevation of Privilege 10852 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11572 Important 11571 Important 11923 Important 11924 Important 11929 Important 11931 Important 11930 Important 12085 Important 12086 Important 12097 Important 12099 Important 12098 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10816 Important 10853 Important 10735 Important 10855 Important 10729 Important 10852 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11572 11571 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11572 11571 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11931 11930 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11931 11930 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11931 11930 12097 12099 12098 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12099 12098 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12099 12098 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10853 10855 10852 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10853 10855 10852 5066836 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10735 10729 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10735 10729 5066837 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55689 Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 20438 20437 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent&#160;team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-55700 Out-of-bounds Read 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Authentication Elevation of Privilege Vulnerability <p>Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Microsoft Windows Microsoft Yes CVE-2025-55701 Improper Validation of Specified Type of Input 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Speech Runtime Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Microsoft Windows Speech Microsoft Yes CVE-2025-58715 Integer Overflow or Wraparound 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Speech Runtime Elevation of Privilege Vulnerability <p>Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Microsoft Windows Speech Microsoft Yes CVE-2025-58716 Improper Input Validation 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-58717 Out-of-bounds Read 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability cannot access or modify any sensitive user data but can cause user data to become unavailable.</p> Connected Devices Platform Service (Cdpsvc) Microsoft Yes CVE-2025-58719 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Microsoft Yes CVE-2025-58722 Heap-based Buffer Overflow 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Varun Goel Samuel Pope with MSRC 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Bluetooth Service Microsoft Yes CVE-2025-58728 Use After Free 20438 20437 11568 11569 11571 11572 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Zhiniang Peng with HUST & R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Inbox COM Objects Microsoft Yes CVE-2025-58732 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 20438 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 20438 Remote Code Execution 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-58735 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> NTLM Hash Disclosure Spoofing Vulnerability <p>External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user interacting with the file in multiple ways will cause the NTLM hash to be leaked. A few interactions which trigger this leak include:</p> <ul> <li>Opening the parent folder in Explorer</li> <li>Clicking the file (any mouse button)</li> <li>Dragging the file</li> <li>Deleting the file</li> </ul> Windows Core Shell Microsoft Yes CVE-2025-59185 External Control of File Name or Path 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Spoofing 20438 Spoofing 20437 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10483 Spoofing 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Nacl 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-59186 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 12437 12244 12436 10816 10855 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Ver</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng of HUST</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Graphics Component Denial of Service Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-59195 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Denial of Service 20438 Denial of Service 20437 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 cyanbamboo 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows SSDP Service Microsoft Yes CVE-2025-59196 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Software Protection Platform (SPP) Elevation of Privilege Vulnerability <p>Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> Software Protection Platform (SPP) Microsoft Yes CVE-2025-59199 Improper Access Control 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Yarin Aharoni with SafeBreach 1.0 2025-10-14T07:00:00 <p>Information published.</p> Data Sharing Service Spoofing Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click a specially crafted button for the attacker to successfully exploit the vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) and availability (A:L), and major loss of integrity (I:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability enables an attacker to access data and disrupt services at a medium integrity level, resulting in some loss of confidentiality and availability. However, because the attacker can execute arbitrary code at that level, the vulnerability poses a total loss of integrity, allowing for potentially significant data manipulation.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Data Sharing Service Client Microsoft Yes CVE-2025-59200 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') External Control of File Name or Path 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Spoofing 20438 Spoofing 20437 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 20438 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 20437 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11568 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11569 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11571 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11572 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11923 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11924 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11929 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11930 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 11931 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12085 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12086 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12097 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12098 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12099 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12437 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12242 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12243 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12244 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12389 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12390 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 12436 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 10729 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 10735 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 10852 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 10853 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 10816 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Ron Benyizhak with Safebreach 1.0 2025-10-14T07:00:00 <p>Information published.</p> Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability <p>Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.</p> Network Connection Status Indicator (NCSI) Microsoft Yes CVE-2025-59201 Improper Access Control 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://x.com/t0zhang">T0</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Remote Desktop Services Elevation of Privilege Vulnerability <p>Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-59202 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Management Services Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Management Services Microsoft Yes CVE-2025-59204 Use of Uninitialized Resource 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Taewoo (Tae_ω02) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Resilient File System (ReFS) Deduplication Service Microsoft Yes CVE-2025-59206 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 Taewoo (Tae_ω02) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2025-59207 Untrusted Pointer Dereference Improper Input Validation 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 ChenJian with <a href="https://www.sea.com/security">Sea Security Orca Team</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Push Notification Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Push Notification Core Microsoft Yes CVE-2025-59211 Exposure of Sensitive Information to an Unauthorized Actor 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-59228 Improper Input Validation 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002788 https://www.microsoft.com/en-us/download/details.aspx?id=108403 5002778 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002788 10950 5002788 5002796 https://www.microsoft.com/en-us/download/details.aspx?id=108409 5002775 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002796 11585 5002796 5002786 https://www.microsoft.com/en-us/download/details.aspx?id=108404 5002784 11961 Maybe Security Update 16.0.19127.20262 https://support.microsoft.com/help/5002786 11961 5002786 MEOW 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59231 Access of Resource Using Incompatible Type ('Type Confusion') 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794  Anonymous   Anonymous  1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59233 Access of Resource Using Incompatible Type ('Type Confusion') 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2025-10-15T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-59234 Use After Free 10753 10754 11573 11574 11762 11763 11953 11952 12420 12421 11951 12155 12440 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11953 Remote Code Execution 11952 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 11951 Remote Code Execution 12155 Remote Code Execution 12440 Critical 10753 Critical 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11953 Critical 11952 Critical 12420 Critical 12421 Critical 11951 Critical 12155 Critical 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 5002792 https://www.microsoft.com/en-us/download/details.aspx?id=108412 5002781 10753 10754 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002792 10753 10754 5002792 Click to Run 11573 11574 11762 11763 11953 11952 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11953 11952 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19328.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59235 Out-of-bounds Read 10836 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 10751 10752 Information Disclosure 10836 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Information Disclosure 10751 Information Disclosure 10752 Important 10836 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Important 10751 Important 10752 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10836 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10950 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11585 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11573 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11574 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11763 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11951 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11952 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11953 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12420 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12421 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12440 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10739 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10740 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10751 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10752 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 5002788 https://www.microsoft.com/en-us/download/details.aspx?id=108403 5002778 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002788 10950 5002788 5002796 https://www.microsoft.com/en-us/download/details.aspx?id=108409 5002775 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002796 11585 5002796 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794 5002719 https://www.microsoft.com/en-us/download/details.aspx?id=108413 5002588 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002719 10739 10740 5002719 5002757 https://www.microsoft.com/en-us/download/details.aspx?id=108406 5002734 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002757 10739 10740 5002757 5002341 https://www.microsoft.com/en-us/download/details.aspx?id=108405 5002052 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002341 10739 10740 5002341 5002720 https://www.microsoft.com/en-us/download/details.aspx?id=108414 5002701 10751 10752 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/kb/5002720 10751 10752 5002720 Nathan Shomber of Microsoft Nathan Shomber of Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59236 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Critical 10836 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Nathan Shomber of Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-59237 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002788 https://www.microsoft.com/en-us/download/details.aspx?id=108403 5002778 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002788 10950 5002788 5002796 https://www.microsoft.com/en-us/download/details.aspx?id=108409 5002775 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002796 11585 5002796 5002786 https://www.microsoft.com/en-us/download/details.aspx?id=108404 5002784 11961 Maybe Security Update 16.0.19127.20262 https://support.microsoft.com/help/5002786 11961 5002786 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-59242 Heap-based Buffer Overflow Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Graphics Component Elevation of Privilege Vulnerability <p>Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker can exploit this vulnerability by getting access to the local guest VM so they can attack the Host OS.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Compromising the host enables an attacker to impact other virtual machines running on the same host, even if those VMs are not directly vulnerable to this issue.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-49708 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 cyanbamboo and b2ahex 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59243 Use After Free 11762 11763 11952 11953 12420 12421 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 12420 12421 Click to Run <a href="https://www.linkedin.com/in/4n0nym4u5">4n0nym4u5</a> with <a href="https://www.zscaler.com/">Zscaler</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p>Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would be able to take over the mailboxes of all Exchange users, attackers can send emails, read emails, download attachments.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker would first have to compromise with a user account who is member of an admin group to run the required code.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-59249 Weak Authentication 12039 12293 12502 16792 Elevation of Privilege 12039 Elevation of Privilege 12293 Elevation of Privilege 12502 Elevation of Privilege 16792 Important 12039 Important 12293 Important 12502 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12502 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16792 5066369 https://www.microsoft.com/en-us/download/details.aspx?id=108420 5063223 12039 Yes Security Update 15.01.2507.061 https://support.microsoft.com/help/5066369 12039 5066369 5066368 https://www.microsoft.com/en-us/download/details.aspx?id=108421 5063222 12293 Yes Security Update 15.02.1544.036 https://support.microsoft.com/help/5066368 12293 5066368 5066367 https://www.microsoft.com/en-us/download/details.aspx?id=108419 5063221 12502 Yes Security Update 15.02.1748.039 https://support.microsoft.com/help/5066367 12502 5066367 5066366 https://www.microsoft.com/en-us/download/details.aspx?id=108422 5063224 16792 Yes Security Update 15.02.2562.029 https://support.microsoft.com/help/5066366 16792 5066366 Justin Hendricks 1.0 2025-10-14T07:00:00 <p>Information published.</p> JDBC Driver for SQL Server Spoofing Vulnerability <p>Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking a victim into connecting to a malicious server using techniques like DNS poisoning or phishing. Once connected, the attacker presents a legitimate TLS certificate with a spoofed Common Name (CN) in the Organizational Unit (OU) field. The JDBC driver mistakenly trusts this certificate, allowing the attacker to intercept SQL credentials and perform a machine-in-the-middle attack on encrypted database traffic.</p> JDBC Driver for SQL Server Microsoft Yes CVE-2025-59250 Improper Input Validation 20457 20458 20455 20460 20459 20456 20453 20454 Spoofing 20457 Spoofing 20458 Spoofing 20455 Spoofing 20460 Spoofing 20459 Spoofing 20456 Spoofing 20453 Spoofing 20454 Important 20457 Important 20458 Important 20455 Important 20460 Important 20459 Important 20456 Important 20453 Important 20454 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20457 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20458 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20455 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20460 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20459 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20456 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20453 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20454 Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#124 20457 No Security Update 12.4.3 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20457 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#122 20458 No Security Update 12.2.1 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20458 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#128 20455 No Security Update 12.8.2 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20455 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#102 20460 No Security Update 10.2.4 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20460 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#112 20459 No Security Update 11.2.4 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20459 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#126 20456 No Security Update 12.6.5 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20456 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#132 20453 No Security Update 13.2.1 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20453 Release Notes Release Notes https://learn.microsoft.com/sql/connect/jdbc/release-notes-for-the-jdbc-driver#1210 20454 No Security Update 12.10.2 https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16 20454 Release Notes <a href="https://www.linkedin.com/in/nikita-markevich/">Nikita Markevich</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-59254 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-59255 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder <p>Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Windows Codecs Library MITRE Yes CVE-2025-54957 Deserialization of Untrusted Data Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Dolby Laboratories working with the original identifiers Ivan Fratric and Natalie Silvanovich of Google Project Zero 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Local Session Manager (LSM) Denial of Service Vulnerability <p>Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.</p> Windows Local Session Manager (LSM) Microsoft Yes CVE-2025-59257 Improper Validation of Specified Type of Input 12437 20437 20438 12244 12389 12390 12436 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 12437 Important 20437 Important 20438 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Hussein Alrubaye with Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability <p>Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could obtain Single Sign-On (SSO) cookies in ADFS logs.</p> Active Directory Federation Services Microsoft Yes CVE-2025-59258 Insertion of Sensitive Information into Log File 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Local Session Manager (LSM) Denial of Service Vulnerability <p>Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.</p> Windows Local Session Manager (LSM) Microsoft Yes CVE-2025-59259 Improper Validation of Specified Type of Input 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Hussein Alrubaye with Microsoft Hussein Alrubaye with Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Authentication Elevation of Privilege Vulnerability <p>Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Authentication Methods Microsoft Yes CVE-2025-59277 Improper Validation of Specified Type of Input 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows SMB Client Tampering Vulnerability <p>Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>Data Tampering when connecting to a SMB2 Server which doesn't support SMB Multi-protocol negotiate.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Windows SMB Client Microsoft Yes CVE-2025-59280 Improper Authentication 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Tampering 11568 Tampering 11569 Tampering 11571 Tampering 11572 Tampering 11923 Tampering 11924 Tampering 11929 Tampering 11930 Tampering 11931 Tampering 12085 Tampering 12086 Tampering 12097 Tampering 12098 Tampering 12099 Tampering 12437 Tampering 12242 Tampering 12243 Tampering 12244 Tampering 12389 Tampering 12390 Tampering 12436 Tampering 10729 Tampering 10735 Tampering 10852 Tampering 10853 Tampering 10816 Tampering 10855 Tampering 9312 Tampering 10287 Tampering 9318 Tampering 9344 Tampering 10051 Tampering 10049 Tampering 10378 Tampering 10379 Tampering 10483 Tampering 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11568 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11569 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11571 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11572 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11923 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11924 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11929 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11930 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11931 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12085 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12086 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12097 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12098 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12099 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12437 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12242 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12243 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12244 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12389 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12390 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12436 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10729 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10735 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10852 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10853 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10816 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10855 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 9312 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10287 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 9318 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 9344 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10051 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10049 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10378 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10379 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10483 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Failover Cluster Information Disclosure Vulnerability <p>Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker that successfully exploited this vulnerability could recover any data that is put in the system logs on the Compute Instance including cleartext passwords.</p> <p><strong>What further actions should I take to protect my environment after applying the fix?</strong></p> <p>Even after applying the security update, residual sensitive information may still exist in system logs. We strongly recommend that administrator users <strong>change their passwords</strong> to mitigate any potential risk from previously exposed credentials.</p> Windows Failover Cluster Microsoft Yes CVE-2025-47979 Insertion of Sensitive Information into Log File 12437 12244 12436 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Important 12437 Important 12244 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool <p>Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) to be exploited. In that case, it can send sensitive information to an attacker-controlled external server.</p> <p>GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Mermaid which address this vulnerability. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2025-54132 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16767 Information Disclosure 16767 Important 16767 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 16767 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes 1.0 2025-10-14T07:00:00 <p>Information published.</p> Xbox Gaming Services Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would be able to delete targeted files on a system.</p> XBox Gaming Services Microsoft Yes CVE-2025-59281 Improper Link Resolution Before File Access ('Link Following') 12316 Elevation of Privilege 12316 Important 12316 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12316 Store https://apps.microsoft.com/detail/9mwpm2cqnlhn?hl=en-us&gl=US&ocid=pdpshare 12316 Maybe Security Update 31.105.17001.0 https://apps.microsoft.com/detail/9mwpm2cqnlhn?hl=en-us&gl=US&ocid=pdpshare 12316 Store Dominic Littlewood Dominic Littlewood Dominic Littlewood 1.0 2025-10-14T07:00:00 <p>Information published.</p> Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-59282 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 20437 20438 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 20437 Remote Code Execution 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 20437 Important 20438 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20437 20438 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 <p><a href="https://www.microsoft.com/en-us/msrc/glossary#Mitigation">Mitigation</a> refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.</p> <p><strong>The following mitigating factors might be helpful in your situation:</strong></p> <p>Customers who have not enabled [Internet Information Services (IIS)]((<a href="https://www.microsoft.com/en-us/msrc/glossary#IIS">https://www.microsoft.com/en-us/msrc/glossary#IIS</a>) are not vulnerable to this attack.</p> Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows NTLM Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.</p> Windows NTLM Microsoft Yes CVE-2025-59284 Exposure of Sensitive Information to an Unauthorized Actor 12085 12086 12437 20437 20438 12242 12243 12389 12390 12436 Spoofing 12085 Spoofing 12086 Spoofing 12437 Spoofing 20437 Spoofing 20438 Spoofing 12242 Spoofing 12243 Spoofing 12389 Spoofing 12390 Spoofing 12436 Important 12085 Important 12086 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20437 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20438 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 Len Sadowski and Oguz Bektas working with Trend Zero Day initiative 1.0 2025-10-14T07:00:00 <p>Information published.</p> Chromium: CVE-2025-11212 Inappropriate implementation in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11212 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:03 <p>Information published.</p> Chromium: CVE-2025-11211 Out of bounds read in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11211 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:02 <p>Information published.</p> Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11209 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:00 <p>Information published.</p> Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11205 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:47:54 <p>Information published.</p> Playwright Spoofing Vulnerability <p>Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Github: Playwright Microsoft Yes CVE-2025-59288 Improper Verification of Cryptographic Signature 20514 Spoofing 20514 Moderate 20514 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.9 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RC:C 20514 Repo https://github.com/microsoft/playwright/releases/tag/v1.55.1 20514 Maybe Security Update 1.55.1 https://github.com/microsoft/playwright 20514 Repo <a href="https://www.linkedin.com/in/jonathan-leitschuh/">Jonathan Leitschuh</a> with <a href="https://socket.dev/">Socket</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Bluetooth Service Microsoft Yes CVE-2025-59290 Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 12097 12098 12099 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published. This CVE was addressed by updates that were released in September 2025, but the CVE was inadvertently omitted from the September 2025 Security Updates. This is an informational change only. Customers who have already installed the September 2025 updates do not need to take any further action.</p> Confidential Azure Container Instances Elevation of Privilege Vulnerability <p>External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could trick the system into mounting a malicious file share to a sensitive location, allowing them to run harmful code.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker could gain code execution within the confidential ACI sidecar container, escalating from host control to confidential containers.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A successful attack allows the container host to execute code in the targeted guest environment.</p> <p><strong>What actions need to be taken to mitigate this vulnerability?</strong></p> <p>To ensure secure and compliant use of Confidential virtual nodes on Azure Container Instances, customers must take the following actions:</p> <h3 id="update-helm-charts"><strong>1. Update Helm Charts</strong></h3> <ul> <li>If you are using Confidential virtual nodes, update to Helm chart version 1.3012.25080101 or later.</li> <li>Follow the deployment instructions provided in the <a href="https://github.com/microsoft/virtualnodesOnAzureContainerInstances">https://github.com/microsoft/virtualnodesOnAzureContainerInstances</a> repository.</li> </ul> <h3 id="regenerate-cce-policy"><strong>2. Regenerate CCE Policy</strong></h3> <p>If you are using Confidential ACI or Confidential virtual nodes, you must regenerate your Confidential Compute Environment (CCE) policy with a minimum infrastructure fragment SVN of 4.</p> <p>To do this:</p> <p><strong>1. Update the Azure CLI confcom extension to version 1.2.8 or later:</strong></p> <ul> <li> <pre><code> *az extension update --name confcomShow more lines* </code></pre> </li> </ul> <p>Alternatively, you can manually set the infrastructure SVN using:</p> <ul> <li> <pre><code> *--infrastructure-svn 4* </code></pre> </li> </ul> <p><strong>2. Regenerate the CCE policy using either an ARM template or YAML file, depending on your deployment method.</strong></p> <p><strong>3. Update any dependent key release policies, such as those using x-ms-sevsnpvm-hostdata claim checks in a Managed HSM (mHSM) key release policy.</strong></p> <p><strong>4. Re-deploy your workload to apply the updated policy and configuration.</strong></p> Confidential Azure Container Instances Microsoft Yes CVE-2025-59291 External Control of File Name or Path 12304 Elevation of Privilege 12304 Critical 12304 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12304 Microsoft Offensive Research &amp; Security Engineering Microsoft Offensive Research &amp; Security Engineering 1.0 2025-10-14T07:00:00 <p>Information published.</p> Azure Compute Gallery Elevation of Privilege Vulnerability <p>External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker could gain code execution within the confidential ACI sidecar container, escalating from host control to confidential containers.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could trick the system into mounting a malicious file share to a sensitive location, allowing them to run harmful code.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A successful attack allows the container host to execute code in the targeted guest environment.</p> <p><strong>What actions need to be taken to mitigate this vulnerability?</strong></p> <p>To ensure secure and compliant use of Confidential virtual nodes on Azure Container Instances, customers must take the following actions:</p> <h3 id="update-helm-charts"><strong>1. Update Helm Charts</strong></h3> <ul> <li>If you are using Confidential virtual nodes, update to Helm chart version 1.3012.25080101 or later.</li> <li>Follow the deployment instructions provided in the <a href="https://github.com/microsoft/virtualnodesOnAzureContainerInstances">https://github.com/microsoft/virtualnodesOnAzureContainerInstances</a> repository.</li> </ul> <h3 id="regenerate-cce-policy"><strong>2. Regenerate CCE Policy</strong></h3> <p>If you are using Confidential ACI or Confidential virtual nodes, you must regenerate your Confidential Compute Environment (CCE) policy with a minimum infrastructure fragment SVN of 4.</p> <p>To do this:</p> <p><strong>1. Update the Azure CLI confcom extension to version 1.2.8 or later:</strong></p> <ul> <li> <pre><code> *az extension update --name confcomShow more lines* </code></pre> </li> </ul> <p>Alternatively, you can manually set the infrastructure SVN using:</p> <ul> <li> <pre><code> *--infrastructure-svn 4* </code></pre> </li> </ul> <p><strong>2. Regenerate the CCE policy using either an ARM template or YAML file, depending on your deployment method.</strong></p> <p><strong>3. Update any dependent key release policies, such as those using x-ms-sevsnpvm-hostdata claim checks in a Managed HSM (mHSM) key release policy.</strong></p> <p><strong>4. Re-deploy your workload to apply the updated policy and configuration.</strong></p> Confidential Azure Container Instances Microsoft Yes CVE-2025-59292 External Control of File Name or Path 12304 Elevation of Privilege 12304 Critical 12304 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12304 Microsoft Offensive Research &amp; Security Engineering Microsoft Offensive Research &amp; Security Engineering 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Taskbar Live Preview Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to physically access the device after the user has hovered over a taskbar preview and then locked the screen or put the device to sleep, potentially exposing the application window on the lock screen.</p> Windows Taskbar Live Microsoft Yes CVE-2025-59294 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20437 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 20438 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 2.1 1.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Ludwig Andrew Haigh with Aptean PeterAS17 with https://www.peteras17.me/ Andrew Haigh with Aptean Anthony Juanelli 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows URL Parsing Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click a specially crafted button for the attacker to successfully exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability within the Workstation Service component to cause arbitrary memory write or control flow hijacking, resulting in privilege escalation. This could potentially allow the attacker to execute code with elevated privileges, compromising the security of the system.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Internet Explorer Microsoft Yes CVE-2025-59295 Heap-based Buffer Overflow 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20437 20438 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066840 5065435 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/help/5066840 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 5066840 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/j00sean">j00sean</a> <a href="https://x.com/h4urek">h4urek</a> <a href="https://twitter.com/j00sean">j00sean</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2025-10-23T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Azure Monitor Agent Elevation of Privilege Vulnerability <p>Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A successful exploitation of this vulnerability allows a regular user on an Arc-enabled VM to read any file on the system with NT SYSTEM privileges.</p> Azure Monitor Agent Microsoft Yes CVE-2025-59494 Improper Access Control 12331 Elevation of Privilege 12331 Important 12331 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12331 Release Notes https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal 12331 Maybe Security Update 1.38.1.0 https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal 12331 Release Notes Michal Kamensky with Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability <p>tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka &quot;Predictor heap-buffer-overflow.&quot;</p> <p>MITRE created this CVE on their behalf. The documented Windows updates incorporate updates in LibTIFF which address this vulnerability. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Microsoft Graphics Component MITRE Yes CVE-2016-9535 Dependency on Vulnerable Third-Party Component 12155 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12155 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 12155 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12155 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11568 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11569 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11571 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11572 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11923 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11924 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11929 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11930 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 11931 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12085 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12086 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12097 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12098 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12099 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12437 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20437 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20438 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12242 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12243 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12244 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12389 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12390 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12436 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10729 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10735 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10852 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10853 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10816 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10855 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 9312 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10287 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 9318 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 9344 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10051 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10049 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10378 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10379 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10483 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 10543 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19426.20044 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> 2.0 2026-02-10T08:00:00 <p>Added Affected Software for Windows packages</p> Chromium: CVE-2025-11460 Use after free in Storage <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.71</td> <td>10/9/2025</td> <td>141.0.7390.65/.66</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11460 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-09T16:08:32 <p>Information published.</p> Chromium: CVE-2025-11458 Heap buffer overflow in Sync <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.71</td> <td>10/9/2025</td> <td>141.0.7390.65/.66</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11458 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-09T16:08:29 <p>Information published.</p> Remote Procedure Call Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.</p> Windows Remote Procedure Call Microsoft Yes CVE-2025-59502 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Moderate 11568 Moderate 11569 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 12437 Moderate 12242 Moderate 12243 Moderate 12244 Moderate 12389 Moderate 12390 Moderate 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 12097 12098 12099 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://www.linkedin.com/in/or-yair">Or Yair</a> with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2025-10-14T07:00:00 <p>Information published. This CVE was addressed by updates that were released in September 2025, but the CVE was inadvertently omitted from the September 2025 Security Updates. This is an informational change only. Customers who have already installed the September 2025 updates do not need to take any further action.</p> Chromium: CVE-2025-12444 Incorrect security UI in Fullscreen UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12444 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:01 <p>Information published.</p> Chromium: CVE-2025-12447 Incorrect security UI in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12447 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:03 <p>Information published.</p> Chromium: CVE-2025-12446 Incorrect security UI in SplitView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12446 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:02 <p>Information published.</p> Chromium: CVE-2025-12445 Policy bypass in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12445 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:01 <p>Information published.</p> Chromium: CVE-2025-12433 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12443 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:00 <p>Information published.</p> Chromium: CVE-2025-12441 Out of bounds read in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12441 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:59 <p>Information published.</p> Chromium: CVE-2025-12440 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12440 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:58 <p>Information published.</p> Chromium: CVE-2025-12439 Inappropriate implementation in App-Bound Encryption <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12439 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:57 <p>Information published.</p> Chromium: CVE-2025-12434 Race in Storage <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12434 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:52 <p>Information published.</p> Chromium: CVE-2025-12435 Incorrect security UI in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12435 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:53 <p>Information published.</p> Chromium: CVE-2025-12436 Policy bypass in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12436 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:54 <p>Information published.</p> Chromium: CVE-2025-12437 Use after free in PageInfo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12437 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:55 <p>Information published.</p> Chromium: CVE-2025-12438 Use after free in Ozone <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12438 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:56 <p>Information published.</p> Chromium: CVE-2025-12433 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12433 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:51 <p>Information published.</p> Chromium: CVE-2025-12431 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12431 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:49 <p>Information published.</p> Chromium: CVE-2025-12430 Object lifecycle issue in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12430 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:48 <p>Information published.</p> Chromium: CVE-2025-12432 Race in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12432 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:50 <p>Information published.</p> Chromium: CVE-2025-12429 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12429 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:47 <p>Information published.</p> Chromium: CVE-2025-12428 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12428 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:43 <p>Information published.</p> Virtual Secure Mode Spoofing Vulnerability <p>Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Virtual Secure Mode Microsoft Yes CVE-2025-48813 Use of a Key Past its Expiration Date 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Spoofing 20438 Spoofing 20437 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 1.0 2025-10-14T07:00:00 <p>Information published.</p> PowerShell Elevation of Privilege Vulnerability <p>Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the &quot;NT AUTHORITY\SYSTEM&quot; account.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could place a malicious file in a specified custom module path and then wait for a user to run a privileged .NET application that starts a PowerShell session under <code>NT AUTHORITY\SYSTEM</code> privileges</p> Microsoft PowerShell Microsoft Yes CVE-2025-25004 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12262 16787 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12262 Elevation of Privilege 16787 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12262 Important 16787 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12262 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16787 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Release Notes https://github.com/PowerShell/Announcements/issues/81 12262 Maybe Security Update 7.4.13 https://github.com/PowerShell/Announcements/issues/81 12262 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/81 16787 Maybe Security Update 7.5.4 https://github.com/PowerShell/Announcements/issues/81 16787 Release Notes Casper tsuki tsuki 1.0 2025-10-14T07:00:00 <p>Information published.</p> 2.0 2025-10-21T07:00:00 <p>In the Security Updates table, updated Download and Article links for PowerShell 7.4 and PowerShell 7.5. See <a href="https://github.com/PowerShell/Announcements/issues/81">https://github.com/PowerShell/Announcements/issues/81</a> for more information.</p> Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability <p>Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges would an attacker gain by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially leak data from the target enclave or execute code within the context of the target enclave.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows Virtualization-Based Security (VBS) Enclave Microsoft Yes CVE-2025-53717 Reliance on Untrusted Inputs in a Security Decision 20438 20437 12085 12086 12242 12243 12389 12390 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 20438 Important 20437 Important 12085 Important 12086 Important 12242 Important 12243 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12389 12390 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12389 12390 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12389 12390 5066835 Microsoft Offensive Research &amp; Security Engineering 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2025-50152 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 20438 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p>Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> Windows Digital Media Microsoft Yes CVE-2025-53150 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20438 20437 11568 11569 11571 11572 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> <a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> <a href="https://www.linkedin.com/in/seongheunh">Seongheun Hong (seongheunh)</a> with <a href="https://security.ajou.ac.kr/security/index.do">Ajou University</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p>Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> Windows Digital Media Microsoft Yes CVE-2025-50175 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 20438 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 vipinkumar 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Hello Security Feature Bypass Vulnerability <p>Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Hello Facial and Fingerprint Recognition security feature.</p> <p><strong>Where can I find more information about Windows Hello Face Authentication?</strong></p> <p>Please see <a href="https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-face-authentication">Windows Hello Face Authentication</a> and/or <a href="https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-fingerprint-authentication">Windows Hello Fingerprint Authentication</a> for updated details.</p> Windows Hello Microsoft Yes CVE-2025-53139 Cleartext Transmission of Sensitive Information 20438 20437 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12389 12390 12436 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20438 Important 20437 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.7 6.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 <a href="https://www.linkedin.com/in/paragmali/">Parag Mali</a> with <a href="http://www.microsoft.com/">Microsoft</a> <a href="https://www.linkedin.com/in/paragmali/">Parag Mali</a> with <a href="http://www.microsoft.com/">Microsoft</a> <a href="https://x.com/_ethicalchaos_">Ceri Coburn</a> with <a href="https://www.netspi.com/">NetSPI</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Xbox IStorageService Elevation of Privilege Vulnerability <p>Use after free in Xbox allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Xbox Microsoft Yes CVE-2025-53768 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11929 11930 11931 12085 12086 12097 12098 12099 20437 20438 12242 12243 12389 12390 10729 10735 10852 10853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Important 11568 Important 11569 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 5066586 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20437 20438 12389 12390 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12389 12390 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12389 12390 5066835 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 5066836 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-10-14T07:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p>Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could place a malicious file on the path to the project directory and then wait for a user with admin privileges to create a Visual Studio project to gain elevated privileges.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Visual Studio Microsoft Yes CVE-2025-55240 Improper Access Control 11600 11935 12322 12459 16767 Elevation of Privilege 11600 Elevation of Privilege 11935 Elevation of Privilege 12322 Elevation of Privilege 12459 Elevation of Privilege 16767 Important 11600 Important 11935 Important 12322 Important 12459 Important 16767 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16767 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.77 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.52 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.20 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes Polar Penguin <a href="https://github.com/ycdxsb">ycdxsb</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability <p>Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with read/write privileges must send a victim a malicious email, or share the link to a malicious email, and convince them to open it.</p> .NET, .NET Framework, Visual Studio Microsoft Yes CVE-2025-55248 Inadequate Encryption Strength 12415 12416 12432 12433 12434 12414 12459 12322 16767 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11571 11677-11572 11677-10852 11677-10853 11677-10816 11677-10855 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12243 12079-12244 12079-12389 12079-12390 12115-9312 12115-10287 12115-9318 12115-9344 9292-9312 9292-9318 9195-9312 9195-9318 2472-9312 2472-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 12079-20437 12079-20438 Information Disclosure 12415 Information Disclosure 12416 Information Disclosure 12432 Information Disclosure 12433 Information Disclosure 12434 Information Disclosure 12414 Information Disclosure 12459 Information Disclosure 12322 Information Disclosure 16767 Information Disclosure 11650-10852 Information Disclosure 11650-10853 Information Disclosure 11650-10816 Information Disclosure 11650-10855 Information Disclosure 11650-10051 Information Disclosure 11650-10049 Information Disclosure 11650-10378 Information Disclosure 11650-10379 Information Disclosure 11650-10483 Information Disclosure 11650-10543 Information Disclosure 11676-11568 Information Disclosure 11676-11569 Information Disclosure 11676-11571 Information Disclosure 11676-11572 Information Disclosure 11676-11923 Information Disclosure 11676-11924 Information Disclosure 11676-11929 Information Disclosure 11676-11930 Information Disclosure 11676-11931 Information Disclosure 11676-12097 Information Disclosure 11676-12098 Information Disclosure 11676-12099 Information Disclosure 11677-11568 Information Disclosure 11677-11569 Information Disclosure 11677-11571 Information Disclosure 11677-11572 Information Disclosure 11677-10852 Information Disclosure 11677-10853 Information Disclosure 11677-10816 Information Disclosure 11677-10855 Information Disclosure 11863-10051 Information Disclosure 11863-10049 Information Disclosure 11863-10378 Information Disclosure 11863-10379 Information Disclosure 11863-10483 Information Disclosure 11863-10543 Information Disclosure 12079-11923 Information Disclosure 12079-11924 Information Disclosure 12079-11929 Information Disclosure 12079-11930 Information Disclosure 12079-11931 Information Disclosure 12079-12085 Information Disclosure 12079-12086 Information Disclosure 12079-12097 Information Disclosure 12079-12098 Information Disclosure 12079-12099 Information Disclosure 12079-12242 Information Disclosure 12079-12243 Information Disclosure 12079-12244 Information Disclosure 12079-12389 Information Disclosure 12079-12390 Information Disclosure 12115-9312 Information Disclosure 12115-10287 Information Disclosure 12115-9318 Information Disclosure 12115-9344 Information Disclosure 9292-9312 Information Disclosure 9292-9318 Information Disclosure 9195-9312 Information Disclosure 9195-9318 Information Disclosure 2472-9312 Information Disclosure 2472-9318 Information Disclosure 2472-10378 Information Disclosure 2472-10379 Information Disclosure 2472-10483 Information Disclosure 2472-10543 Information Disclosure 9495-10051 Information Disclosure 9495-10049 Information Disclosure 12079-20437 Information Disclosure 12079-20438 Important 12415 Important 12416 Important 12432 Important 12433 Important 12434 Important 12414 Important 12459 Important 12322 Important 16767 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11571 Important 11677-11572 Important 11677-10852 Important 11677-10853 Important 11677-10816 Important 11677-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12243 Important 12079-12244 Important 12079-12389 Important 12079-12390 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-9312 Important 2472-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Important 12079-20437 Important 12079-20438 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12415 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12416 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12432 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12433 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12434 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12414 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12459 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12322 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16767 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10852 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10853 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10816 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10855 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10051 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10049 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10378 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10379 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10483 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10543 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11568 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11569 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11571 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11572 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11923 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11924 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11929 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11930 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11931 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-12097 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-12098 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-12099 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11568 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11569 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11571 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11572 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10852 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10853 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10816 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10855 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10051 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10049 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10378 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10379 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10483 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10543 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11923 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11924 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11929 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11930 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11931 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12085 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12086 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12097 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12098 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12099 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12242 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12243 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12244 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12389 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12390 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9312 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-10287 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9318 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9344 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9292-9312 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9292-9318 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9195-9312 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9195-9318 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-9312 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-9318 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10378 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10379 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10483 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10543 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9495-10051 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9495-10049 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-20437 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-20438 5068331 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12415 12416 12414 Maybe Security Update 8.0.21 https://support.microsoft.com/help/5068331 12415 12416 12414 5068331 5068332 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12432 12433 12434 Maybe Security Update 9.0.10 https://support.microsoft.com/help/5068332 12432 12433 12434 5068332 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.20 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes 5066136 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066136 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.04798.02 https://support.microsoft.com/help/5066136 11650-10852 11650-10853 11650-10816 11650-10855 5066136 5066739 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066141 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04798.02 https://support.microsoft.com/help/5066739 11650-10051 11650-10049 5066739 5066740 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066138 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04798.04 https://support.microsoft.com/help/5066740 11650-10378 11650-10379 5066740 5066741 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066140 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04798.04 https://support.microsoft.com/help/5066741 11650-10483 11650-10543 5066741 5066738 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066137 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.04798.02 https://support.microsoft.com/help/5066738 11676-11568 11676-11569 11676-11571 11676-11572 5066738 5066743 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066139 11676-11923 11676-11924 Maybe Security Update 4.8.04798.04 https://support.microsoft.com/help/5066743 11676-11923 11676-11924 5066743 5066746 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066135 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04798.04 https://support.microsoft.com/help/5066746 11676-11929 11676-11930 11676-11931 5066746 5066747 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066135 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04798.04 https://support.microsoft.com/help/5066747 11676-12097 11676-12098 11676-12099 5066747 5066738 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066143 11677-11568 11677-11569 11677-11571 11677-11572 Maybe Security Update 4.7.04137.03 https://support.microsoft.com/help/5066738 11677-11568 11677-11569 11677-11571 11677-11572 5066738 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 11677-10852 11677-10853 11677-10816 11677-10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 11677-10852 11677-10853 11677-10816 11677-10855 5066836 5066742 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066146 11863-10051 11863-10049 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04137.03 https://support.microsoft.com/help/5066742 11863-10051 11863-10049 12115-9312 12115-10287 12115-9318 12115-9344 5066742 5066740 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066144 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04137.06 https://support.microsoft.com/help/5066740 11863-10378 11863-10379 5066740 5066741 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066145 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04137.03 https://support.microsoft.com/help/5066741 11863-10483 11863-10543 5066741 5066743 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066134 12079-11923 12079-11924 Maybe Security Update 4.8.1.09320.02 https://support.microsoft.com/help/5066743 12079-11923 12079-11924 5066743 5066746 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066130 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.1.09320.02 https://support.microsoft.com/help/5066746 12079-11929 12079-11930 12079-11931 5066746 5066133 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066133 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.1.09321.01 https://support.microsoft.com/help/5066133 12079-12085 12079-12086 12079-12242 12079-12243 5066133 5066747 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066130 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.1.09320.02 https://support.microsoft.com/help/5066747 12079-12097 12079-12098 12079-12099 5066747 5066129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066129 12079-12244 Maybe Security Update 4.8.1.09321.01 https://support.microsoft.com/help/5066129 12079-12244 5066129 5066131 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066131 12079-12389 12079-12390 Maybe Security Update 4.8.1.09321.01 https://support.microsoft.com/help/5066131 12079-12389 12079-12390 5066131 5066742 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066149 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 2.0.50727.8981 https://support.microsoft.com/help/5066742 9292-9312 9292-9318 9195-9312 9195-9318 5066742 5066742 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040673 2472-9312 2472-9318 Maybe Monthly Rollup 2.0.50727.8981 https://support.microsoft.com/help/5066742 2472-9312 2472-9318 5066742 5066740 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066148 2472-10378 2472-10379 Maybe Monthly Rollup 2.0.50727.8981 https://support.microsoft.com/help/5066740 2472-10378 2472-10379 5066740 5066741 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066151 2472-10483 2472-10543 Maybe Monthly Rollup 2.0.50727.8981 https://support.microsoft.com/help/5066741 2472-10483 2472-10543 5066741 5066739 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066150 9495-10051 9495-10049 Maybe Monthly Rollup 2.0.50727.8981 https://support.microsoft.com/help/5066739 9495-10051 9495-10049 5066739 5066128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066128 12079-20437 Maybe Security Update 4.8.1.09321.01 https://support.microsoft.com/help/5066128 12079-20437 5066128 5066128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066128 12079-20438 Maybe Monthly Rollup 4.8.1.09321.01 https://support.microsoft.com/help/5066128 12079-20438 5066128 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability <p>Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, a remote unauthenticated attacker would need to send specially crafted traffic to a system with the &quot;Nearby Sharing&quot; feature enabled and to convince a user to take specific actions.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> Connected Devices Platform Service (Cdpsvc) Microsoft Yes CVE-2025-55326 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Hyper-V Microsoft Yes CVE-2025-55328 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20437 20438 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10735 10853 10816 10855 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 20437 Important 20438 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20437 20438 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11931 12097 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10853 10816 10855 5066836 hazard 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-55330 Improper Enforcement of Behavioral Workflow 20438 20437 12085 12086 12437 12242 12243 12244 12389 12390 12436 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20438 Important 20437 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55331 Use After Free 20438 20437 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Taewoo (Tae_ω02) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-55332 Improper Enforcement of Behavioral Workflow 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Security Feature Bypass Vulnerability <p>Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could decrypt the driver's settings.</p> Windows Kernel Microsoft Yes CVE-2025-55334 Cleartext Storage of Sensitive Information 20438 20437 12085 12086 12242 12243 12389 12390 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Important 20438 Important 20437 Important 12085 Important 12086 Important 12242 Important 12243 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12389 12390 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12389 12390 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12389 12390 5066835 Microsoft Offensive Research &amp; Security Engineering 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-55337 Improper Enforcement of Behavioral Workflow 20438 20437 12437 12389 12390 12436 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 12437 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2025-10-14T07:00:00 <p>Information published.</p> DirectX Graphics Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows DirectX Microsoft Yes CVE-2025-55678 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-55679 Improper Input Validation Exposure of Sensitive Information to an Unauthorized Actor 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-55680 Time-of-check Time-of-use (TOCTOU) Race Condition 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://twitter.com/securiteam_ssd">TyphoonPWN Windows PE Winner</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-55682 Improper Enforcement of Behavioral Workflow 20438 20437 12437 12389 12390 12436 Security Feature Bypass 20438 Security Feature Bypass 20437 Security Feature Bypass 12437 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-55683 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 12437 12244 12436 10816 10855 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 <a href="https://twitter.com/lewislee53">Lewis Lee</a> <a href="https://twitter.com/ver0759">Chunyang Han</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST <a href="https://twitter.com/lewislee53">Lewis Lee</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2026-01-02T08:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55684 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55688 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55690 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent&#160;team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-55691 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p>Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Error Reporting Microsoft Yes CVE-2025-55692 Improper Input Validation 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Denis Faiustov with <a href="https://gmo-cybersecurity.com/en/">GMO Cybersecurity by Ierae</a> Ruslan Sayfiev with <a href="https://gmo-cybersecurity.com/en/">GMO Cybersecurity by Ierae</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Kernel Microsoft Yes CVE-2025-55693 Use After Free 12437 20437 20438 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p>Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Error Reporting Microsoft Yes CVE-2025-55694 Improper Access Control 20438 20437 12437 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Denis Faiustov and Ruslan Sayfiev with <a href="https://gmo-cybersecurity.com/en/">GMO Cybersecurity by Ierae</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows WLAN AutoConfig Service Information Disclosure Vulnerability <p>Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows WLAN Auto Config Service Microsoft Yes CVE-2025-55695 Out-of-bounds Read 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://x.com/y311owb0y">RuiLun Zou</a> with <a href="https://www.qianxin.com/product/detail/pid/372">Codesafe Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> NtQueryInformation Token function (ntifs.h) Microsoft Yes CVE-2025-55696 Time-of-check Time-of-use (TOCTOU) Race Condition Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 20438 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 Microsoft Offensive Research & Security Engineering Microsoft Offensive Research & Security Engineering 1.0 2025-10-14T07:00:00 <p>Information published.</p> Azure Local Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Azure Local Microsoft Yes CVE-2025-55697 Heap-based Buffer Overflow 12437 12244 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12436 Important 12437 Important 12244 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2025-10-14T07:00:00 <p>Information published.</p> DirectX Graphics Kernel Denial of Service Vulnerability <p>Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p> Windows DirectX Microsoft Yes CVE-2025-55698 NULL Pointer Dereference 20438 20437 12437 12389 12390 12436 Denial of Service 20438 Denial of Service 20437 Denial of Service 12437 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 cyanbamboo 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-55699 Exposure of Sensitive Information to an Unauthorized Actor 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Maxime Villard 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-58714 Improper Access Control 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.</p> Remote Desktop Client Microsoft Yes CVE-2025-58718 Use After Free 12457 20438 20437 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12457 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12457 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 Release Notes https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.706.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Release Notes 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1265990 11849 Maybe Security Update 1.2.6599.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1265990 11849 Release Notes 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:</p> <p>Port redirection must be enabled for this attack to be successful. This feature is disabled by default.</p> <a href="https://twitter.com/mas0nshi">YingQi Shi (@Mas0n)</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Cryptographic Services Information Disclosure Vulnerability <p>Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.</p> Windows Cryptographic Services Microsoft Yes CVE-2025-58720 Use of a Cryptographic Primitive with a Risky Implementation 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Mitch Lindgren with Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability <p>Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Azure Connected Machine Agent Microsoft Yes CVE-2025-58724 Improper Access Control 20516 Elevation of Privilege 20516 Important 20516 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20516 Release Notes https://gbl.his.arc.azure.com/azcmagent/1.57/AzureConnectedMachineAgent.msi 20516 No Security Update 1.57 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-157---october-2025 20516 Release Notes Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent#install-a-specific-version-of-the-agent 20516 No Security Update 1.57 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-157---october-2025 20516 Release Notes <a href="https://uk.linkedin.com/in/contact-sharan-p">Sharan Patil</a> with <a href="https://reversec.com/">REVERSEC</a> 1.1 2025-10-15T07:00:00 <p>Affected software updated with new package information.</p> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows COM+ Event System Service Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows COM Microsoft Yes CVE-2025-58725 Heap-based Buffer Overflow 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows SMB Server Elevation of Privilege Vulnerability <p>Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker could execute a specially crafted script to coerce the victim machine to connect back to the attacker’s SMB Server using SMB and authenticate. This could result in elevation of privilege.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The Attack requires an Service Principal Name (SPN) that is registered to an account that no longer exists or is not in use, to be on the target machine.</p> Windows SMB Server Microsoft Yes CVE-2025-58726 Improper Access Control 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://www.semperis.com/">Semperis</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-58727 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20438 20437 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Local Session Manager (LSM) Denial of Service Vulnerability <p>Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.</p> Windows Local Session Manager (LSM) Microsoft Yes CVE-2025-58729 Improper Validation of Specified Type of Input 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 20438 Denial of Service 20437 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Philemon Orphee Favrod 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-58730 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Inbox COM Objects Microsoft Yes CVE-2025-58731 Use After Free 20438 20437 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 20438 Important 20437 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-58733 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-58734 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-58736 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 20438 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 20438 Remote Code Execution 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Remote Desktop Protocol Remote Code Execution Vulnerability <p>Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Remote Desktop Microsoft Yes CVE-2025-58737 Use After Free 11571 11572 11923 11924 12437 12244 12436 10816 10855 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability <p>Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Inbox COM Objects Microsoft Yes CVE-2025-58738 Use After Free 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 Remote Code Execution 20438 Remote Code Execution 20437 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Windows File Explorer Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires the user to view a specially crafted file in the Windows File Explorer Preview Pane.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows File Explorer Microsoft Yes CVE-2025-58739 Exposure of Sensitive Information to an Unauthorized Actor 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 20438 Spoofing 20437 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066840 5065435 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/help/5066840 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 5066840 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 01dGu0@whitecap100 Nacl Novy@whitecap100 1.0 2025-10-14T07:00:00 <p>Information published.</p> Storage Spaces Direct Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows High Availability Services Microsoft Yes CVE-2025-59184 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 12437 12244 12436 10816 10855 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 <a href="https://twitter.com/lewislee53">Lewis Lee</a> <a href="https://twitter.com/ver0759">Chunyang Han</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng of HUST</a> 1.1 2026-01-02T08:00:00 <p>Added acknowledgements. This is an informational change only.</p> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2025-59187 Improper Input Validation Untrusted Pointer Dereference 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Failover Cluster Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Failover Cluster Microsoft Yes CVE-2025-59188 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system. Successful exploitation is not guaranteed and depends on a combination of factors that might include the environment, system configuration, and the presence of additional security measures.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-59189 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 hazard 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Search Service Denial of Service Vulnerability <p>Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe.</p> Microsoft Windows Search Component Microsoft Yes CVE-2025-59190 Improper Input Validation 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 20438 Denial of Service 20437 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://x.com/nevul37">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent&#160;team 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Connected Devices Platform Service (Cdpsvc) Microsoft Yes CVE-2025-59191 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 20438 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Storport.sys Driver Elevation of Privilege Vulnerability <p>Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Storport.sys Driver Microsoft Yes CVE-2025-59192 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 20438 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 <a href="https://www.zoemurmure.top/">zoemurmure</a> with <a href="https://qingteng.cn/">Qingteng</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Management Services Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Management Services Microsoft Yes CVE-2025-59193 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Zhiniang Peng with HUST & R4nger with CyberKunLun 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Windows Kernel Microsoft Yes CVE-2025-59194 Use of Uninitialized Resource 12085 12086 12437 12242 12243 12244 12389 12390 12436 20438 20437 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 Muhammad Faathin Abdurrahman 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows ETL Channel Information Disclosure Vulnerability <p>Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p> Windows ETL Channel Microsoft Yes CVE-2025-59197 Insertion of Sensitive Information into Log File 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 <a href="https://x.com/M4x_1997">Aobo Wang</a> <a href="https://x.com/M4x_1997">Aobo Wang</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Search Service Denial of Service Vulnerability <p>Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The vulnerability can be exploited by a regular user without admin rights, as long as they interact with a malicious file—such as running an executable. No elevated privileges are needed to trigger the issue.</p> Microsoft Windows Search Component Microsoft Yes CVE-2025-59198 Improper Input Validation 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 20438 Denial of Service 20437 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows State Repository API Server File Information Disclosure Vulnerability <p>Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p> Windows StateRepository API Microsoft Yes CVE-2025-59203 Insertion of Sensitive Information into Log File 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 <a href="https://x.com/M4x_1997">Aobo Wang</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-59205 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 wenqunwang with China Telecom Research Institute 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows MapUrlToZone Information Disclosure Vulnerability <p>Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-59208 Out-of-bounds Read 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 20438 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 20437 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12389 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12390 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12436 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066840 5065435 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/help/5066840 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 5066840 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Push Notification Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory addresses belonging to the &quot;EventLog&quot; Windows service</p> Windows Push Notification Core Microsoft Yes CVE-2025-59209 Exposure of Sensitive Information to an Unauthorized Actor 20438 20437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 20438 Information Disclosure 20437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 20438 Important 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://x.com/M4x_1997">Aobo Wang</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Resilient File System (ReFS) Deduplication Service Microsoft Yes CVE-2025-59210 Use After Free 20438 20437 12437 12389 12390 12436 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20438 Important 20437 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 5066835 https://support.microsoft.com/help/5066835 20438 20437 12437 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 Hwiwon Lee (hwiwonl), SEC-agent&#160;team <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Configuration Manager Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An authorized attacker who successfully exploited this vulnerability could gain configuration manager administrator privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by injecting malicious SQL into the DuplicateAMTMachineRecord method.</p> Microsoft Configuration Manager Microsoft Yes CVE-2025-59213 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 20545 16788 12402 Elevation of Privilege 20545 Elevation of Privilege 16788 Elevation of Privilege 12402 Important 20545 Important 16788 Important 12402 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20545 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16788 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12402 Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/30385346 20545 Maybe Security Update 5.00.9132.1029 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/34503790 20545 Release Notes Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32480179 16788 Maybe Security Update 5.00.9135.1008 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/34503790 16788 Release Notes Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2403/28204160 12402 Maybe Security Update 5.00.9128.1035 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/34503790 12402 Release Notes <a href="https://x.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2026-02-13T08:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> Microsoft Windows File Explorer Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to be tricked into opening a folder that contains a specially crafted file.</p> Windows File Explorer Microsoft Yes CVE-2025-59214 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 20438 20437 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Spoofing 20438 Spoofing 20437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 20438 Important 20437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 20438 20437 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 20437 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 20437 5066835 <a href="https://x.com/Phantom01_">Hemant Kumar</a> <a href="https://web.facebook.com/aimadhouas">Aimad Eddine Houas (Steven)</a> <a href="http://linkedin.com/in/ruben-en">Ruben Enkaoua</a> with <a href="https://cymulate.com/">Cymulate</a> <a href="https://www.linkedin.com/in/bartlomiejadamski/">bartlomiejadamski</a>, <a href="https://github.com/panadamski">Holl0w</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Word Microsoft Yes CVE-2025-59221 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002788 https://www.microsoft.com/en-us/download/details.aspx?id=108403 5002778 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002788 10950 5002788 5002787 https://www.microsoft.com/en-us/download/details.aspx?id=108410 5002777 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002787 10950 5002787 5002796 https://www.microsoft.com/en-us/download/details.aspx?id=108409 5002775 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002796 11585 5002796 5002798 https://www.microsoft.com/en-us/download/details.aspx?id=108407 5002774 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002798 11585 5002798 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002789 https://www.microsoft.com/en-us/download/details.aspx?id=108408 5002780 10746 10747 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002789 10746 10747 5002789 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2025-59222 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002788 https://www.microsoft.com/en-us/download/details.aspx?id=108403 5002778 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002788 10950 5002788 5002787 https://www.microsoft.com/en-us/download/details.aspx?id=108410 5002777 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002787 10950 5002787 5002796 https://www.microsoft.com/en-us/download/details.aspx?id=108409 5002775 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002796 11585 5002796 5002798 https://www.microsoft.com/en-us/download/details.aspx?id=108407 5002774 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002798 11585 5002798 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002789 https://www.microsoft.com/en-us/download/details.aspx?id=108408 5002780 10746 10747 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002789 10746 10747 5002789 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59223 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794 Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59224 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794 Anonymous Anonymous 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59225 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794 Quan Jin with DBAPPSecurity WeBin Lab 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to be tricked into opening a malicious file in Visio.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Visio Microsoft Yes CVE-2025-59226 Use After Free 11762 11763 11952 11953 12420 12421 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 12420 12421 Click to Run <a href="https://www.linkedin.com/in/4n0nym4u5">4n0nym4u5</a> with <a href="https://www.zscaler.com/">Zscaler</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-59227 Use After Free 10754 11573 11574 11953 11952 12420 12421 11762 11763 12440 10753 11951 12155 Remote Code Execution 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11953 Remote Code Execution 11952 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 11951 Remote Code Execution 12155 Critical 10754 Critical 11573 Critical 11574 Critical 11953 Critical 11952 Critical 12420 Critical 12421 Critical 11762 Critical 11763 Critical 12440 Critical 10753 Critical 11951 Critical 12155 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 5002792 https://www.microsoft.com/en-us/download/details.aspx?id=108412 5002781 10754 10753 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002792 10754 10753 5002792 Click to Run 11573 11574 11953 11952 12420 12421 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11953 11952 12420 12421 11762 11763 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12440 11951 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 11951 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19328.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes cdbb6164ddfda2b210fd348442322115 1.1 2025-10-15T07:00:00 <p>Updated acknowledgment.</p> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Office Denial of Service Vulnerability <p>Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-59229 Uncaught Exception 12420 12421 11762 11763 Denial of Service 12420 Denial of Service 12421 Denial of Service 11762 Denial of Service 11763 Important 12420 Important 12421 Important 11762 Important 11763 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12420 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12421 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11763 Click to Run 12420 12421 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 12420 12421 11762 11763 Click to Run mose nilsson mose nilsson moushi 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2025-59232 Out-of-bounds Read 10836 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 10751 10752 Information Disclosure 10836 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Information Disclosure 10751 Information Disclosure 10752 Important 10836 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Important 10751 Important 10752 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10836 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10950 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11585 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11573 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11574 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11763 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11951 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11952 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11953 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12420 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12421 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12440 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10739 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10740 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10751 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10752 5002797 https://www.microsoft.com/en-us/download/details.aspx?id=108411 5002776 10836 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002797 10836 5002797 5002788 https://www.microsoft.com/en-us/download/details.aspx?id=108403 5002778 10950 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002788 10950 5002788 5002796 https://www.microsoft.com/en-us/download/details.aspx?id=108409 5002775 11585 Maybe Security Update 16.0.10417.20059 https://support.microsoft.com/help/5002796 11585 5002796 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.102.25101223 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002794 https://www.microsoft.com/en-us/download/details.aspx?id=108415 5002782 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002794 10739 10740 5002794 5002719 https://www.microsoft.com/en-us/download/details.aspx?id=108413 5002588 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002719 10739 10740 5002719 5002757 https://www.microsoft.com/en-us/download/details.aspx?id=108406 5002734 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002757 10739 10740 5002757 5002341 https://www.microsoft.com/en-us/download/details.aspx?id=108405 5002052 10739 10740 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002341 10739 10740 5002341 5002720 https://www.microsoft.com/en-us/download/details.aspx?id=108414 5002701 10751 10752 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/kb/5002720 10751 10752 5002720 Nathan Shomber of Microsoft Nathan Shomber of Microsoft 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft PowerPoint Remote Code Execution Vulnerability <p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office PowerPoint Microsoft Yes CVE-2025-59238 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 10741 10742 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10741 Remote Code Execution 10742 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10741 Important 10742 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002790 https://www.microsoft.com/en-us/download/details.aspx?id=108416 5002779 10741 10742 Maybe Security Update 16.0.5522.1000 https://support.microsoft.com/help/5002790 10741 10742 5002790 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Health and Optimized Experiences Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Health and Optimized Experiences Service Microsoft Yes CVE-2025-59241 Improper Link Resolution Before File Access ('Link Following') 20437 20438 12389 12390 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 20437 Important 20438 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20437 20438 12389 12390 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12389 12390 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12389 12390 5066835 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-2884">CVE-2025-2884</a> is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm.</p> <p>CERT/CC created this CVE on their behalf. The documented Windows updates incorporate updates in TCG TPM2.0 Reference implementation which address this vulnerability. Please see <a href="https://www.cve.org/CVERecord?id=CVE-2025-2884">CVE-2025-2884</a> for more information.</p> TCG TPM2.0 CERT/CC Yes CVE-2025-2884 Out-of-bounds Read 20438 20853 12086 12437 12243 12244 12390 12436 Information Disclosure 20438 Remote Code Execution 20853 Information Disclosure 12086 Information Disclosure 12437 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12390 Information Disclosure 12436 Important 20438 Critical 20853 Important 12086 Important 12437 Important 12243 Important 12244 Important 12390 Important 12436 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 20438 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 20853 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 12086 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 12437 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 12244 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 12390 5.3 4.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20438 5066835 5066835 https://support.microsoft.com/help/5066835 20438 12437 12390 12436 5077179 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5077179 20853 Yes Security Update 10.0.28000.1575 https://support.microsoft.com/help/5077179 20853 5077179 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12390 12436 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Anonymous Anonymous TCG [security@trustedcomputing.org] TCG 2.0 2026-02-10T08:00:00 <p>Added Affected Software for Windows packages</p> 1.0 2025-10-14T07:00:00 <p>Information published.</p> NTLM Hash Disclosure Spoofing Vulnerability <p>External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user interacting with the file in multiple ways will cause the NTLM hash to be leaked. A few interactions which trigger this leak include:</p> <ul> <li>Opening the parent folder in Explorer</li> <li>Clicking the file (any mouse button)</li> <li>Dragging the file</li> <li>Deleting the file</li> </ul> Windows Core Shell Microsoft Yes CVE-2025-59244 External Control of File Name or Path 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 20437 Spoofing 20438 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Nacl 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-59248 Improper Input Validation 16792 12502 12039 12293 Spoofing 16792 Spoofing 12502 Spoofing 12039 Spoofing 12293 Important 16792 Important 12502 Important 12039 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16792 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12502 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12293 5066366 https://www.microsoft.com/en-us/download/details.aspx?id=108422 5063224 16792 Yes Security Update 15.02.2562.029 https://support.microsoft.com/help/5066366 16792 5066366 5066367 https://www.microsoft.com/en-us/download/details.aspx?id=108419 5063221 12502 Yes Security Update 15.02.1748.039 https://support.microsoft.com/help/5066367 12502 5066367 5066369 https://www.microsoft.com/en-us/download/details.aspx?id=108420 5063223 12039 Yes Security Update 15.01.2507.061 https://support.microsoft.com/help/5066369 12039 5066369 5066368 https://www.microsoft.com/en-us/download/details.aspx?id=108421 5063222 12293 Yes Security Update 15.02.1544.036 https://support.microsoft.com/help/5066368 12293 5066368 <a href="https://www.linkedin.com/in/anna-breeva-51476b163/">Anna Breeva</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Elevation of Privilege Vulnerability <p>Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2025-59230 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 20438 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Search Service Denial of Service Vulnerability <p>Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.</p> Microsoft Windows Search Component Microsoft Yes CVE-2025-59253 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://www.linkedin.com/in/remco-vandermeer/">Remco van der Meer</a> with Warpnet <a href="https://www.linkedin.com/in/remco-vandermeer/">Remco van der Meer</a> with Warpnet 1.0 2025-10-14T07:00:00 <p>Information published.</p> Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Microsoft Failover Cluster Virtual Driver Microsoft Yes CVE-2025-59260 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 12437 12244 12436 10816 10855 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12436 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10816 10855 5066836 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST <a href="https://twitter.com/ver0759">Chunyang Han</a> <a href="https://twitter.com/ver0759">Chunyang Han</a> <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-59261 Time-of-check Time-of-use (TOCTOU) Race Condition 11923 11924 12085 12086 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 Maxime Villard 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Authentication Elevation of Privilege Vulnerability <p>Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows Authentication Methods Microsoft Yes CVE-2025-59275 Improper Validation of Specified Type of Input Out-of-bounds Read Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Windows Authentication Elevation of Privilege Vulnerability <p>Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Authentication Methods Microsoft Yes CVE-2025-59278 Improper Validation of Specified Type of Input 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066874 5065508 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23571 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066874 5066874 https://support.microsoft.com/help/5066874 9312 10287 9318 9344 5066877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066877 9312 10287 9318 9344 Yes Security Only 6.0.6003.23571 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066877 5066877 https://support.microsoft.com/help/5066877 9312 10287 9318 9344 5066872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066872 5065468 10051 10049 Yes Monthly Rollup 6.1.7601.27974 https://support.microsoft.com/help/5066872 10051 10049 5066872 5066876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066876 10051 10049 Yes Security Only 6.1.7601.27974 https://support.microsoft.com/help/5066876 10051 10049 5066876 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> Chromium: CVE-2025-11215 Off by one error in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11215 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:05 <p>Information published.</p> Chromium: CVE-2025-11216 Inappropriate implementation in Storage <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11216 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:06 <p>Information published.</p> Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11213 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:04 <p>Information published.</p> Chromium: CVE-2025-11210 Side-channel information leakage in Tab <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11210 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:01 <p>Information published.</p> Chromium: CVE-2025-11207 Side-channel information leakage in Storage <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11207 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:47:59 <p>Information published.</p> Chromium: CVE-2025-11208 Inappropriate implementation in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11208 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:47:59 <p>Information published.</p> Chromium: CVE-2025-11206 Heap buffer overflow in Video <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11206 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:47:58 <p>Information published.</p> Chromium: CVE-2025-11219 Use after free in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.57</td> <td>10/2/2025</td> <td>141.0.7390.55</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11219 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.57 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-02T20:48:07 <p>Information published.</p> Azure Monitor Agent Elevation of Privilege Vulnerability <p>Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) and the privilege required is none (PR:L). What privileges could an attacker gain with successful exploitation?</strong></p> <p>A local user could take advantage of this vulnerability and perform elevation of privilege (EOP). By successfully exploiting this vulnerability, the attacker could elevate their privileges to obtain root level access on the virtual machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What is does this mean in the context of the elevation of privilege vulnerability?</strong></p> <p>In order to successfully exploit this vulnerability, the attacker requires write access to the configuration directory by creating malicious files in a directory before the Azure Monitor Agent is installed or before the service starts after system restart.</p> Azure Monitor Agent Microsoft Yes CVE-2025-59285 Deserialization of Untrusted Data 12331 Elevation of Privilege 12331 Important 12331 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12331 Release Notes https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-cli 12331 Maybe Security Update 1.36.3 https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-cli 12331 Release Notes P1hcn 1.0 2025-10-14T07:00:00 <p>Information published.</p> MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability <p><a href="https://unity.com">Unity</a> announced a security vulnerability (CVE-2025-59489) that is affecting games or applications built with the Unity Gaming Engine Editor (version 2017.1 or later).</p> <p>You may be using a Microsoft app or playing a Microsoft game that should be uninstalled until an update is available. We are working to update games and applications that are potentially affected by this Unity vulnerability.</p> <p>In most cases, you can stay safe by ensuring your games and applications are up to date and Microsoft Defender is running on your device.</p> <p>If you have downloaded a vulnerable game or app (see list below) on one of the following platforms, you could be at risk:</p> <ul> <li>Android</li> <li>Windows</li> <li>Linux (Desktop)</li> <li>Linux (embedded)</li> <li>MacOS</li> </ul> <p>We have confirmed the following are not impacted:</p> <ul> <li>Xbox consoles</li> <li>Xbox Cloud Gaming</li> <li>iOS</li> <li>HoloLens</li> </ul> <p><strong>Recommended Next Steps:</strong></p> <p><strong>For Developers</strong>: Unity has made a fix available to developers. Organizations who believe that they have an app or game that might be impacted should reference Unity guidance and update their apps/games as soon as possible. You can learn more from Unity here.</p> <p><strong>For Players and Customers</strong>: Microsoft security and game development teams are working to update any game or application that is potentially affected by this Unity vulnerability.</p> <p>If a Microsoft-owned game or application is not listed and you have installed all available updates, no further action is required. For customers who have automatic updates enabled, fixes will be deployed as they become available. If you have automatic updates turned off, please check to see if you have any updates available for your downloaded apps and games and install the latest update on your device.</p> <p>Customers who have an impacted app or game installed (see below list) are encouraged to take these steps:</p> <ul> <li>Temporarily uninstall any impacted Microsoft apps or games until an update is available. For more guidance on how to uninstall, please see the FAQs below.</li> <li>Use an up-to-date version of Microsoft Defender to detect and block attempts to exploit this vulnerability.</li> <li>Follow guidance from Unity or your platform provider.</li> <li>Microsoft-owned games and apps affected by this vulnerability and their requisite updates are documented in the Security Updates Table.</li> </ul> <p><strong>For Microsoft Mesh Apps Users</strong></p> <p>In response to this CVE that is affecting applications built with the Unity Gaming Engine Editor (version 2017.1 or later), Microsoft has released a required security update for the Microsoft Mesh PC applications. We strongly encourage all users with the Microsoft Mesh apps installed on their devices to promptly update to the latest version of these apps, version 5.2513.3.0 or greater. If you have automatic updates enabled for these apps on all devices, no further action is required.</p> <p>While we do not expect this to affect the functionality of any previously-scheduled events in Microsoft Mesh, use of the immersive spaces in Microsoft Teams meetings, or immersive events in Microsoft Teams, users will be required to update the Mesh PC apps before joining newly scheduled events in Mesh. We are informing you of this now so that you can mitigate any disruptions this may introduce to your events.</p> <p><strong>Why are there no links to updates in the Security Updates Table?</strong></p> <p>This document will be updated with more information as it becomes available. We recommend allowing automatic updates for the apps on your platform.</p> <p><strong>I am using an impacted game or app, what should I do?</strong></p> <p>You should uninstall the impacted application until an update is available. Updates are being released regularly, you can check this page to see if the impacted application has been removed from the “Updates in Progress” list above or check for available updates on your device. We also encourage customers to subscribe to Security Update Guide notifications to be alerted of updates for impacted games/apps. This Advisory and the related CVE will be updated with new information as needed and will link to any future security updates released.</p> <p><strong>How do I check for and install updates for my games or apps?</strong></p> <p>Windows customers can learn more here. If you are using another platform, please refer to their guidance.</p> <p><strong>How do I uninstall an impacted game or application?</strong></p> <p>To uninstall an app or game on Windows, press the Windows logo key on your keyboard or toolbar, and then enter settings in the search bar. Select Settings from the results, and then go to Apps &gt; Apps &amp; features or Installed apps, depending on your version of Windows. If you're on a Windows 10 device, choose the game that you want to uninstall from the list and then select Uninstall two times. On Windows 11, select the More actions button (“…”), and then select Uninstall two times. If you're on a Windows 10 device, choose the game that you want to uninstall from the list and then select Uninstall two times. On Windows 11, select the More actions button (“…”), and then select Uninstall two times.</p> <p><strong>How do I know if my game is impacted?</strong></p> <p>You can review the above list for impacted Microsoft titles. If the game you are playing is not listed and you have installed all available security updates, no further action is required. The above list is only representative of first-party Microsoft games.</p> <p><strong>I am playing one of the impacted games on Xbox console, should I be worried?</strong></p> <p>No. Console games and cloud gaming are not impacted.</p> <p><strong>Are there any games that were vulnerable but Microsoft has already released security updates for?</strong></p> <p>Yes, our teams have already released updates for some games and applications that were built on the effected version of Unity Editor. Those games and apps will be listed in the soon-to-be-published CVE-2025-59489.</p> <p><strong>When will updates be available for the games and apps that have not been updated?</strong></p> <p>Microsoft does not provide ETAs for security updates. Solutions to security issues are tested to ensure quality prior to release and will be published to the Microsoft Store once validation has been completed.</p> <p><strong>Are there any mitigations that can be deployed until a patch is available?</strong></p> <p>The game or app can be uninstalled and reinstalled once a patched version is available, please see <a href="https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-59489">MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability</a> for the current status.</p> <p>Additionally, Windows Defender will block exploitation attempts, Defender definitions version 1.437.296.0 and above have the following detections:</p> <ul> <li>Exploit:Win32/CVE-2025-59489</li> <li>Exploit:Win32/CVE-2025-59489.B</li> <li>Behavior:Win32/CVE-2025-59489</li> </ul> <p><strong>Are handheld devices affected?</strong></p> <p>Devices running Windows are affected, including desktops, laptops and handheld devices.</p> Games MITRE Yes CVE-2025-59489 Untrusted Search Path 20471 20473 20474 20475 20480 20488 20489 20490 20491 20492 20493 20494 20495 20496 20498 20499 20500 20501 20502 20503 20504 20505 20506 20507 20509 20513 20476 20477 20486 20511 Elevation of Privilege 20471 Elevation of Privilege 20473 Elevation of Privilege 20474 Elevation of Privilege 20475 Elevation of Privilege 20480 Elevation of Privilege 20488 Elevation of Privilege 20489 Elevation of Privilege 20490 Elevation of Privilege 20491 Elevation of Privilege 20492 Elevation of Privilege 20493 Elevation of Privilege 20494 Elevation of Privilege 20495 Elevation of Privilege 20496 Elevation of Privilege 20498 Elevation of Privilege 20499 Elevation of Privilege 20500 Elevation of Privilege 20501 Elevation of Privilege 20502 Elevation of Privilege 20503 Elevation of Privilege 20504 Elevation of Privilege 20505 Elevation of Privilege 20506 Elevation of Privilege 20507 Elevation of Privilege 20509 Elevation of Privilege 20513 Elevation of Privilege 20476 Elevation of Privilege 20477 Elevation of Privilege 20486 Elevation of Privilege 20511 Important 20471 Important 20473 Important 20474 Important 20475 Important 20480 Important 20488 Important 20489 Important 20490 Important 20491 Important 20492 Important 20493 Important 20494 Important 20495 Important 20496 Important 20498 Important 20499 Important 20500 Important 20501 Important 20502 Important 20503 Important 20504 Important 20505 Important 20506 Important 20507 Important 20509 Important 20513 Important 20476 Important 20477 Important 20486 Important 20511 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20471 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20473 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20474 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20475 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20480 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20488 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20489 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20490 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20491 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20492 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20493 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20494 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20495 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20496 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20498 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20499 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20500 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20501 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20502 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20503 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20504 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20505 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20506 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20507 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20509 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20513 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20476 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20477 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20486 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20511 Release Notes https://www.meta.com/experiences/6750166401689690/ 20513 Maybe Security Update 5.2514 https://learn.microsoft.com/en-us/mesh/resources/mesh-release-notes 20513 Release Notes Release Notes https://learn.microsoft.com/en-us/mesh/resources/mesh-release-notes 20511 Maybe Security Update 5.2514 https://learn.microsoft.com/en-us/mesh/resources/mesh-release-notes 20511 Release Notes 1.0 2025-10-03T07:00:00 <p>Information published.</p> 2.0 2025-10-07T07:00:00 <p>The following updates have been made to CVE-2025-59489: 1) In the Security Updates table, added Microsoft Mesh and Microsoft Mesh for Meta Quest as they affected by this vulnerability. 2) Further, to comprehensively address this vulnerability, Microsoft has released the 5.2514 build for these applications.</p> <p>Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Windows Server Update Service (WSUS) Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.</p> <p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p> <p>To fully address this vulnerability:</p> <ul> <li>Windows Server customers should install the out-of-band update released on October 23, 2025.</li> <li>Windows Servers enrolled into the hotpatch program should install the out-of-band standalone security update released on October 24, 2025.</li> </ul> <p>If you cannot install the update immediately see the <strong>Workaround</strong> section for actions you can take to be protected.</p> <p><strong>Will the out-of-band update released on October 23, 2025 require a Windows server reboot?</strong></p> <p>Yes. After you install the update you will need to reboot your system.</p> <p><strong>Will the out-of-band standalone security updates released on October 24, 2025 for Windows Servers enrolled into the hotpatch program require a reboot</strong></p> <p>Yes. A reboot will be required <strong>only</strong> on servers that have WSUS enabled. This update will not reset the previous baseline.</p> <p><strong>How I do get the October 23, 2025 out of band security update?</strong></p> <p>The update is available through the following channels:</p> <ul> <li><p>For customers who automatically install updates, this update will be downloaded and installed automatically from Windows Update and Microsoft Update.</p> </li> <li><p>The standalone package for this update is available on the Microsoft Update Catalog website.</p> </li> <li><p>This update will automatically sync with Windows Server Update Services (WSUS).</p> </li> </ul> <p><strong>How do I get the October 24, 2025 out-of-band standalone security update for Windows Servers enrolled into the hotpatch program?</strong></p> <p>Windows Server 2022:</p> <ul> <li><p>For customers who automatically install updates, this update will be downloaded and installed automatically from Windows Update.</p> </li> <li><p>This update will automatically sync with Windows Server Update Services (WSUS).</p> </li> </ul> <p>Windows Server 2025:</p> <ul> <li>For customers who automatically install updates, this update will be downloaded and installed automatically from Windows Update only.</li> </ul> <p><strong>Why did the Temporal CVSS score change?</strong></p> <p>Microsoft has updated the Exploit Code Maturity metric of the CVSS Temporal score from Unproven (U) to Proof-of-Concept (P) after confirming the availability of publicly disclosed PoC code for this CVE.</p> <p><strong>Will an updated Windows Update offline scan file, Wsusscn2.cab, with this new security update be available?</strong></p> <p>Yes. An updates scan file will be available at the time of, or shortly after, the release.</p> Windows Server Update Service Microsoft Yes CVE-2025-59287 Deserialization of Untrusted Data 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12244 Critical 12436 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12437 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12244 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12436 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5070883 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070883 11571 11572 Maybe Security Update 10.0.17763.7922 https://support.microsoft.com/help/5070883 11571 11572 5070883 5070883 https://support.microsoft.com/help/5070883 11571 11572 5070884 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070884 11923 11924 Yes Security Update 10.0.20348.4297 https://support.microsoft.com/help/5070884 11923 11924 5070884 5070884 https://support.microsoft.com/help/5070884 11923 11924 5070892 11923 11924 Yes Standalone Security Update 10.0.20348.4297 https://support.microsoft.com/help/5070892 11923 11924 5070892 5070892 https://support.microsoft.com/help/5070892 11923 11924 5070881 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070881 12437 12436 Maybe Security Update 10.0.26100.6905 https://support.microsoft.com/help/5070881 12437 12436 5070881 5070881 https://support.microsoft.com/help/5070881 12437 12436 5070893 12437 12436 Yes Standalone Security Update 10.0.26100.6905 https://support.microsoft.com/help/5070893 12437 12436 5070893 5070893 https://support.microsoft.com/help/5070893 12437 12436 5070879 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070879 12244 Yes Security Update 10.0.25398.1916 https://support.microsoft.com/help/5070879 12244 5070879 5070879 https://support.microsoft.com/help/5070879 12244 5070882 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070882 10816 10855 Yes Security Update 10.0.14393.8524 https://support.microsoft.com/help/5070882 10816 10855 5070882 5070882 https://support.microsoft.com/help/5070882 10816 10855 5070887 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070887 10378 10379 Yes Security Update 6.2.9200.25728 https://support.microsoft.com/help/5070887 10378 10379 5070887 5070887 https://support.microsoft.com/help/5070887 10378 10379 5070886 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5070886 10483 10543 Yes Security Update 6.3.9600.22826 https://support.microsoft.com/help/5070886 10483 10543 5070886 5070886 https://support.microsoft.com/help/5070886 10483 10543 <p>The following workarounds might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave either of these workarounds in place:</p> <p>If you are unable to install the October 23, 2025 out-of-band update, you can take any of the following actions to be protected against this vulnerability:</p> <ul> <li>If the WSUS Server Role is enabled on your server, disable it. Note that clients will no longer receive updates from the server if WSUS is disabled.</li> <li>Block inbound traffic to Ports 8530 and 8531 on the host firewall (as opposed to blocking only at the network/perimeter firewall) to render WSUS non-operational.</li> </ul> <p><strong>Important</strong>: Do NOT undo either of these workarounds until after you have installed the update.</p> <p><a href="https://www.microsoft.com/en-us/msrc/glossary#Mitigation">Mitigation</a> refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.</p> <p><strong>The following mitigating factors might be helpful in your situation:</strong></p> <p>The WSUS Server Role is not enabled by default on Windows servers. Windows servers that do not have the WSUS server role enabled are not vulnerable to this vulnerability. If the WSUS server role is enabled, the server will become vulnerable if the fix is not installed before the WSUS server role is enabled.</p> <a href="https://twitter.com/mwulftange">Markus Wulftange</a> with <a href="https://code-white.com/">CODE WHITE GmbH</a> MEOW f7d8c52bec79e42795cf15888b85cbad MEOW 2.0 2025-10-23T07:00:00 <p>To comprehensively address CVE-2025-59287, Microsoft has released an out of band security update for the following supported versions of Windows Server: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), and Windows Server 2025. Note that a reboot will be required after you install the updates.</p> 1.0 2025-10-14T07:00:00 <p>Information published.</p> 2.1 2025-10-24T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 3.0 2025-10-24T07:00:00 <p>Security hotpatch updates are now available for supported versions of Windows Server 2022 and Windows Server 2025. Note that a reboot will be required after you install these hotpatch updates.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Bluetooth Service Microsoft Yes CVE-2025-59289 Double Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 12097 12098 12099 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> Hwiwon Lee (hwiwonl), SEC-agent team 1.0 2025-10-14T07:00:00 <p>Information published. This CVE was addressed by updates that were released in September 2025, but the CVE was inadvertently omitted from the September 2025 Security Updates. This is an informational change only. Customers who have already installed the September 2025 updates do not need to take any further action.</p> MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 <p>In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.</p> <p>MITRE created this CVE on their behalf. The documented Windows updates incorporate updates in IGEL OS which address this vulnerability. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot MITRE Yes CVE-2025-47827 Use of a Key Past its Expiration Date 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11568 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11569 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11571 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11572 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11923 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11924 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11929 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11930 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 11931 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12085 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12086 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12097 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12098 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12099 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12437 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 20437 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 20438 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12242 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12243 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12244 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12389 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12390 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 12436 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10729 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10735 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10852 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10853 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10816 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10855 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10378 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10379 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10483 4.6 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 10543 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066875 5065509 10378 10379 Yes Monthly Rollup 6.2.9200.25722 https://support.microsoft.com/help/5066875 10378 10379 5066875 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 <a href="https://www.linkedin.com/in/zack-didcott">Zack Didcott</a> 1.0 2025-10-14T07:00:00 <p>Information published.</p> 1.1 2025-10-30T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Microsoft Defender for Linux Denial of Service Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Defender for Linux Microsoft Yes CVE-2025-59497 Time-of-check Time-of-use (TOCTOU) Race Condition 12015 Denial of Service 12015 Important 12015 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12015 Release Notes https://learn.microsoft.com/en-us/defender-endpoint/linux-updates 12015 Maybe Security Update 101.25032.0010 https://learn.microsoft.com/en-us/defender-endpoint/linux-whatsnew#april-2025-build-101250220002--release-version-3012502200010 12015 Release Notes G1ND1L4 Gil Regev 1.0 2025-10-14T07:00:00 <p>Information published.</p> Azure Entra ID Elevation of Privilege Vulnerability <p>Azure Entra ID Elevation of Privilege Vulnerability</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Entra ID Microsoft No CVE-2025-59218 Improper Access Control 12383 Elevation of Privilege 12383 Critical 12383 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 12383 Vladimir Abramzon Vladimir Abramzon 1.0 2025-10-09T07:00:00 <p>Information published.</p> Azure Entra ID Elevation of Privilege Vulnerability <p>Azure Entra ID Elevation of Privilege Vulnerability</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Entra ID Microsoft No CVE-2025-59246 Missing Authentication for Critical Function 12383 Elevation of Privilege 12383 Critical 12383 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12383 Dylan Ryan-Zilavy 1.0 2025-10-09T07:00:00 <p>Information published.</p> Azure PlayFab Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure PlayFab Microsoft No CVE-2025-59247 Improper Privilege Management Reliance on Cookies without Validation and Integrity Checking 20445 Elevation of Privilege 20445 Critical 20445 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20445 Anonymous 1.0 2025-10-09T07:00:00 <p>Information published.</p> M365 Copilot Information Disclosure Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Copilot Microsoft No CVE-2025-59252 Improper Neutralization of Special Elements used in a Command ('Command Injection') 20452 Spoofing 20452 Critical 20452 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.3 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 20452 <a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft 1.1 2025-11-21T08:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> 1.0 2025-10-09T07:00:00 <p>Information published.</p> Redis Enterprise Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Redis Enterprise Microsoft No CVE-2025-59271 Improper Authorization 20450 20451 Elevation of Privilege 20450 Elevation of Privilege 20451 Critical 20450 Critical 20451 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20450 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20451 Chantal Olieman with Microsoft Gary Wang with Microsoft Jordan Rodak with Microsoft 1.0 2025-10-09T07:00:00 <p>Information published.</p> Copilot Information Disclosure Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Copilot Microsoft No CVE-2025-59272 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16791 Spoofing 16791 Critical 16791 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.3 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 16791 <a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft 1.1 2025-11-21T08:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> 1.0 2025-10-09T07:00:00 <p>Information published.</p> Azure Monitor Log Analytics Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Monitor Microsoft No CVE-2025-55321 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11934 Spoofing 11934 Critical 11934 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.3 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11934 <a href="https://arnaud.sh/">Arnaud PASCAL</a> with <a href="https://vaadata.com/">VAADATA</a> <a href="https://github.com/voljeans">Thomas DELFINO</a> with <a href="https://vaadata.com/">VAADATA</a> 1.0 2025-10-09T07:00:00 <p>Information published.</p> Copilot Information Disclosure Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Copilot Microsoft No CVE-2025-59286 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16791 Spoofing 16791 Critical 16791 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.3 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 16791 <a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft 1.1 2025-11-21T08:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> 1.0 2025-10-09T07:00:00 <p>Information published.</p> Chromium: CVE-2025-11756 Use after free in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>141.0.3537.85</td> <td>10/17/2025</td> <td>141.0.7390.107/.108</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-11756 11655 11655 11655 Release Notes 11655 No Security Update 141.0.3537.85 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-17T15:29:43 <p>Information published.</p> Azure Event Grid System Elevation of Privilege Vulnerability <p>Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Event Grid Microsoft No CVE-2025-59273 Improper Access Control 20510 Elevation of Privilege 20510 Critical 20510 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 20510 <a href="https://www.linkedin.com/in/bobbracke/">Bob Bracke</a> with <a href="https://www.thecollective.eu/">The Collective Consulting</a> 1.0 2025-10-23T07:00:00 <p>Information published.</p> Azure Compute Resource Provider Elevation of Privilege Vulnerability <p>Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Compute Gallery Microsoft No CVE-2025-59503 Server-Side Request Forgery (SSRF) 20584 Elevation of Privilege 20584 Critical 20584 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 10.0 8.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20584 1.0 2025-10-23T07:00:00 <p>Information published.</p> 1.1 2025-10-28T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Azure Notification Service Elevation of Privilege Vulnerability <p>Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Notification Service Microsoft No CVE-2025-59500 Improper Access Control 20585 Elevation of Privilege 20585 Critical 20585 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C 20585 bountyplz bountyplz 1.0 2025-10-23T07:00:00 <p>Information published.</p> Microsoft Configuration Manager Spoofing Vulnerability <p>Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For the vulnerability, this means the exploitation requires a specific and uncommon condition: an Active Directory user account must exist with a matching user principal name (UPN) that was not properly synchronized to Microsoft Entra ID.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by modifying the user principal name (UPN) of a valid Microsoft Entra ID account or create a new Account to impersonate an Active Directory user with the same UPN that was not synchronized to Entra ID. Successful exploitation could allow the attacker to gain unauthorized administrative control over Microsoft Configuration Manager and its managed clients.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Microsoft Configuration Manager Microsoft Yes CVE-2025-59501 Authentication Bypass by Spoofing 12402 16788 20545 Spoofing 12402 Spoofing 16788 Spoofing 20545 Important 12402 Important 16788 Important 20545 Publicly Disclosed:No;Exploited:No 4.8 4.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12402 4.8 4.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16788 4.8 4.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20545 Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093 12402 No Security Update 5.00.9128.1037 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093 12402 Release Notes Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32851084 16788 No Security Update 5.0.9135.1013 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32851084 16788 Release Notes Release Notes https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093 20545 No Security Update 5.00.9132.1031 https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093 20545 Release Notes <a href="https://x.com/unsigned_sh0rt">Garrett Foster</a> with <a href="https://specterops.io/">SpecterOps, Inc.</a> <a href="https://x.com/unsigned_sh0rt">Garrett Foster</a> with <a href="https://specterops.io/">SpecterOps, Inc.</a> 1.0 2025-10-24T07:00:00 <p>Information published.</p> Chromium: CVE-2025-12036 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-12036 11655 11655 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-10-31T07:00:51 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p>Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>142.0.3595.53</td> <td>10/31/2025</td> <td>142.0.7445.59/.60</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-60711 Protection Mechanism Failure 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.3 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11655 Release Notes 11655 No Security Update 142.0.3595.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Eduardo Braun Prado working with Trend Zero Day Initiative 1.0 2025-10-31T07:00:00 <p>Information published.</p>