September 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Sep 2025-Sep Final 1.0 999 2026-05-17T14:53:43 September 2025 Security Updates 2025-09-09T00:00:00 2026-05-17T14:53:43 <h2 id="this-release-consists-of-the-following-94-microsoft-cves">This release consists of the following 94 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47967">CVE-2025-47967</a></td> <td>4.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47997">CVE-2025-47997</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Windows Virtual Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49692">CVE-2025-49692</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PC Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49728">CVE-2025-49728</a></td> <td>4.0</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PowerShell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49734">CVE-2025-49734</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53791">CVE-2025-53791</a></td> <td>4.7</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53796">CVE-2025-53796</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53797">CVE-2025-53797</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53798">CVE-2025-53798</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Imaging Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53799">CVE-2025-53799</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53800">CVE-2025-53800</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53801">CVE-2025-53801</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53802">CVE-2025-53802</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53803">CVE-2025-53803</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53804">CVE-2025-53804</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Information Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53805">CVE-2025-53805</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53806">CVE-2025-53806</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53807">CVE-2025-53807</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53808">CVE-2025-53808</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority Subsystem Service (LSASS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53809">CVE-2025-53809</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53810">CVE-2025-53810</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54091">CVE-2025-54091</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54092">CVE-2025-54092</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54093">CVE-2025-54093</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54094">CVE-2025-54094</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54095">CVE-2025-54095</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54096">CVE-2025-54096</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54097">CVE-2025-54097</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54098">CVE-2025-54098</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54099">CVE-2025-54099</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SMBv3 Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54101">CVE-2025-54101</a></td> <td>4.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54102">CVE-2025-54102</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Management Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54103">CVE-2025-54103</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54104">CVE-2025-54104</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54105">CVE-2025-54105</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54106">CVE-2025-54106</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54107">CVE-2025-54107</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Capability Access Management Service (camsvc)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54108">CVE-2025-54108</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54109">CVE-2025-54109</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54110">CVE-2025-54110</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows UI XAML Phone DatePickerFlyout</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54111">CVE-2025-54111</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Virtual Hard Drive</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54112">CVE-2025-54112</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54113">CVE-2025-54113</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54114">CVE-2025-54114</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54115">CVE-2025-54115</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MultiPoint Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54116">CVE-2025-54116</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority Subsystem Service (LSASS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54894">CVE-2025-54894</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SPNEGO Extended Negotiation</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54895">CVE-2025-54895</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54896">CVE-2025-54896</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54897">CVE-2025-54897</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54898">CVE-2025-54898</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54899">CVE-2025-54899</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54900">CVE-2025-54900</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54901">CVE-2025-54901</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54902">CVE-2025-54902</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54903">CVE-2025-54903</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54904">CVE-2025-54904</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54905">CVE-2025-54905</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54906">CVE-2025-54906</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54907">CVE-2025-54907</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office PowerPoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54908">CVE-2025-54908</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54910">CVE-2025-54910</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54911">CVE-2025-54911</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54912">CVE-2025-54912</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows UI XAML Maps MapControlSettings</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54913">CVE-2025-54913</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure - Networking</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54914">CVE-2025-54914</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54915">CVE-2025-54915</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54916">CVE-2025-54916</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54917">CVE-2025-54917</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54918">CVE-2025-54918</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54919">CVE-2025-54919</a></td> <td>7.5</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Graphics Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55223">CVE-2025-55223</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55224">CVE-2025-55224</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55225">CVE-2025-55225</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Graphics Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55226">CVE-2025-55226</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55227">CVE-2025-55227</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55228">CVE-2025-55228</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft High Performance Compute Pack (HPC)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55232">CVE-2025-55232</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows SMB</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55234">CVE-2025-55234</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Graphics Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55236">CVE-2025-55236</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Dynamics 365 FastTrack Implementation Assets</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55238">CVE-2025-55238</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Entra</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55241">CVE-2025-55241</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Xbox</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55242">CVE-2025-55242</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55243">CVE-2025-55243</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Bot Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55244">CVE-2025-55244</a></td> <td>9.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>XBox Gaming Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55245">CVE-2025-55245</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Connected Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55316">CVE-2025-55316</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft AutoUpdate (MAU)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55317">CVE-2025-55317</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Agentic AI and Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55319">CVE-2025-55319</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55322">CVE-2025-55322</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59215">CVE-2025-59215</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59216">CVE-2025-59216</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59220">CVE-2025-59220</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59251">CVE-2025-59251</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-13-non-microsoft-cves">We are republishing 13 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>VulnCheck</td> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21907">CVE-2024-21907</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10200">CVE-2025-10200</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10201">CVE-2025-10201</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10500">CVE-2025-10500</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10501">CVE-2025-10501</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10502">CVE-2025-10502</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10585">CVE-2025-10585</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10890">CVE-2025-10890</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10891">CVE-2025-10891</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10892">CVE-2025-10892</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-9864">CVE-2025-9864</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-9865">CVE-2025-9865</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-9866">CVE-2025-9866</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-9867">CVE-2025-9867</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5065306">5065306</a></td> <td>Windows Server 2022 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065426">5065426</a></td> <td>Windows 11, version 24H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065429">5065429</a></td> <td>Windows 10</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065431">5065431</a></td> <td>Windows 11 version 22H2, Windows 11 version 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065432">5065432</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065474">5065474</a></td> <td>Windows Server 2025 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065508">5065508</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065511">5065511</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) PowerShell 7.4 PowerShell 7.5 Visual Studio Code Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC for Mac 2024 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft OfficePLUS Microsoft AutoUpdate for Mac Microsoft Office for Android Microsoft HPC Pack 2019 Azure Connected Machine Agent Microsoft Entra ID Azure Networking Azure Bot Service Xbox Gaming Services Microsoft PC Manager Microsoft Edge (Chromium-based) Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft SQL Server 2022 for x64-based Systems (CU 20) Microsoft SQL Server 2019 for x64-based Systems (CU 32) Dynamics 365 FastTrack Implementation OmniParser azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 cbl2 erlang 25.3.2.21-2 on CBL Mariner 2.0 azl3 erlang 26.2.5.13-1 on Azure Linux 3.0 cbl2 erlang 25.3.2.21-4 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 ruby 3.3.5-6 on Azure Linux 3.0 azl3 rubygem-rexml 3.3.9-2 on Azure Linux 3.0 azl3 ruby 3.3.5-5 on Azure Linux 3.0 cbl2 ruby 3.1.7-3 on CBL Mariner 2.0 azl3 python-pip 24.2-3 on Azure Linux 3.0 azl3 python-pip 24.2-4 on Azure Linux 3.0 azl3 squid 6.13-1 on Azure Linux 3.0 cbl2 glib-networking 2.70.0-1 on CBL Mariner 2.0 azl3 glib-networking 2.78.0-1 on Azure Linux 3.0 cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0 cbl2 glib 2.71.0-5 on CBL Mariner 2.0 azl3 glib 2.78.6-3 on Azure Linux 3.0 cbl2 glib 2.71.0-7 on CBL Mariner 2.0 cbl2 glib 2.71.0-6 on CBL Mariner 2.0 azl3 glib 2.78.6-4 on Azure Linux 3.0 azl3 coredns 1.11.4-8 on Azure Linux 3.0 cbl2 coredns 1.11.1-19 on CBL Mariner 2.0 cbl2 cups 2.3.3op2-9 on CBL Mariner 2.0 cbl2 cups 2.3.3-9 on CBL Mariner 2.0 cbl2 expat 2.6.4-2 on CBL Mariner 2.0 azl3 expat 2.6.4-2 on Azure Linux 3.0 cbl2 cmake 3.21.4-18 on CBL Mariner 2.0 cbl2 expat 2.6.4-1 on CBL Mariner 2.0 azl3 cmake 3.30.3-9 on Azure Linux 3.0 azl3 python3 3.12.9-4 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 keras 3.3.3-3 on Azure Linux 3.0 cbl2 fluent-bit 3.0.6-4 on CBL Mariner 2.0 azl3 fluent-bit 3.1.9-5 on Azure Linux 3.0 cbl2 fluent-bit 3.0.6-3 on CBL Mariner 2.0 azl3 fluent-bit 3.1.9-6 on Azure Linux 3.0 azl3 fio 3.37-2 on Azure Linux 3.0 cbl2 fio 3.30-2 on CBL Mariner 2.0 cbl2 fio 3.30-3 on CBL Mariner 2.0 azl3 fio 3.37-3 on Azure Linux 3.0 cbl2 libtiff 4.6.0-8 on CBL Mariner 2.0 azl3 libtiff 4.6.0-8 on Azure Linux 3.0 cbl2 libsoup 3.0.4-9 on CBL Mariner 2.0 azl3 libsoup 3.4.4-9 on Azure Linux 3.0 cbl2 libsoup 3.0.4-10 on CBL Mariner 2.0 azl3 rubygem-rexml 3.3.9-1 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 coredns 1.11.4-7 on Azure Linux 3.0 azl3 cups 2.4.10-1 on Azure Linux 3.0 azl3 expat 2.6.4-1 on Azure Linux 3.0 cbl2 python3 3.9.19-14 on CBL Mariner 2.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft AutoUpdate for Mac Microsoft SharePoint Enterprise Server 2016 Microsoft SQL Server 2017 for x64-based Systems (GDR) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Visual Studio Code Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft SQL Server 2019 for x64-based Systems (GDR) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft Office for Android Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) PowerShell 7.4 Azure Connected Machine Agent Xbox Gaming Services Microsoft OfficePLUS Microsoft Entra ID Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft PC Manager Microsoft HPC Pack 2019 Dynamics 365 FastTrack Implementation Microsoft SQL Server 2019 for x64-based Systems (CU 32) PowerShell 7.5 Microsoft SQL Server 2022 for x64-based Systems (CU 20) Azure Networking cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 azl3 libxslt 1.1.43-1 on Azure Linux 3.0 azl3 expat 2.6.4-1 on Azure Linux 3.0 azl3 rubygem-rexml 3.3.9-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 cups 2.4.10-1 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 crash 8.0.4-4 on Azure Linux 3.0 azl3 curl 8.11.1-3 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 cbl2 python3 3.9.19-14 on CBL Mariner 2.0 cbl2 ceph 16.2.10-9 on CBL Mariner 2.0 cbl2 mysql 8.0.43-1 on CBL Mariner 2.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 azl3 coredns 1.11.4-7 on Azure Linux 3.0 azl3 libssh 0.10.6-2 on Azure Linux 3.0 azl3 binutils 2.41-7 on Azure Linux 3.0 Azure Bot Service cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 curl 8.8.0-6 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-5 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-36 on CBL Mariner 2.0 cbl2 glib 2.71.0-5 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0 cbl2 cups 2.3.3op2-9 on CBL Mariner 2.0 azl3 python3 3.12.9-4 on Azure Linux 3.0 azl3 python-pip 24.2-3 on Azure Linux 3.0 cbl2 cmake 3.21.4-18 on CBL Mariner 2.0 cbl2 crash 8.0.1-4 on CBL Mariner 2.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 cbl2 golang 1.22.7-4 on CBL Mariner 2.0 azl3 edk2 20240524git3e722403cd16-9 on Azure Linux 3.0 cbl2 coredns 1.11.1-19 on CBL Mariner 2.0 azl3 golang 1.24.5-1 on Azure Linux 3.0 azl3 squid 6.13-1 on Azure Linux 3.0 cbl2 libsoup 3.0.4-7 on CBL Mariner 2.0 azl3 libsoup 3.4.4-9 on Azure Linux 3.0 cbl2 libxslt 1.1.34-8 on CBL Mariner 2.0 cbl2 gdb 11.2-6 on CBL Mariner 2.0 cbl2 expat 2.6.4-1 on CBL Mariner 2.0 azl3 ruby 3.3.5-5 on Azure Linux 3.0 azl3 glib 2.78.6-3 on Azure Linux 3.0 cbl2 erlang 25.3.2.21-2 on CBL Mariner 2.0 azl3 erlang 26.2.5.13-1 on Azure Linux 3.0 cbl2 glib 2.71.0-7 on CBL Mariner 2.0 cbl2 golang 1.18.8-9 on CBL Mariner 2.0 cbl2 binutils 2.37-16 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-9 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-3 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 cbl2 ruby 3.1.7-3 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-8 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-8 on CBL Mariner 2.0 azl3 perl-JSON-XS 4.03-2 on Azure Linux 3.0 cbl2 perl-JSON-XS 4.03-2 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 qemu 8.2.0-19 on Azure Linux 3.0 azl3 gdb 13.2-5 on Azure Linux 3.0 azl3 libtiff 4.6.0-8 on Azure Linux 3.0 azl3 cmake 3.30.3-9 on Azure Linux 3.0 azl3 libssh 0.10.6-3 on Azure Linux 3.0 azl3 coredns 1.11.4-8 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-5 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0 azl3 rust 1.86.0-6 on Azure Linux 3.0 azl3 rust 1.75.0-18 on Azure Linux 3.0 azl3 keras 3.3.3-3 on Azure Linux 3.0 azl3 cloud-hypervisor 41.0.139-1 on Azure Linux 3.0 cbl2 cups 2.3.3-9 on CBL Mariner 2.0 cbl2 mysql 8.0.43-1 on CBL Mariner 2.0 azl3 mysql 8.0.43-1 on Azure Linux 3.0 OmniParser azl3 fio 3.37-2 on Azure Linux 3.0 cbl2 fio 3.30-2 on CBL Mariner 2.0 azl3 kata-containers 3.19.1.kata2-1 on Azure Linux 3.0 cbl2 glib-networking 2.70.0-1 on CBL Mariner 2.0 azl3 glib-networking 2.78.0-1 on Azure Linux 3.0 cbl2 glib 2.71.0-6 on CBL Mariner 2.0 azl3 openssl 3.3.3-3 on Azure Linux 3.0 cbl2 gdb 11.2-7 on CBL Mariner 2.0 cbl2 binutils 2.37-17 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-4 on CBL Mariner 2.0 cbl2 cmake 3.21.4-19 on CBL Mariner 2.0 cbl2 libssh 0.10.6-3 on CBL Mariner 2.0 cbl2 erlang 25.3.2.21-4 on CBL Mariner 2.0 cbl2 curl 8.8.0-7 on CBL Mariner 2.0 cbl2 expat 2.6.4-2 on CBL Mariner 2.0 cbl2 fio 3.30-3 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 glib 2.78.6-4 on Azure Linux 3.0 azl3 qemu 8.2.0-21 on Azure Linux 3.0 azl3 python-pip 24.2-4 on Azure Linux 3.0 azl3 curl 8.11.1-4 on Azure Linux 3.0 azl3 cmake 3.30.3-10 on Azure Linux 3.0 azl3 binutils 2.41-9 on Azure Linux 3.0 azl3 gdb 13.2-6 on Azure Linux 3.0 azl3 expat 2.6.4-2 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-6 on Azure Linux 3.0 azl3 fio 3.37-3 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-10 on Azure Linux 3.0 azl3 skopeo 1.14.4-6 on Azure Linux 3.0 cbl2 gdb 11.2-10 on CBL Mariner 2.0 cbl2 binutils 2.37-19 on CBL Mariner 2.0 cbl2 crash 8.0.1-5 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-10 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 qemu 8.2.0-23 on Azure Linux 3.0 azl3 libsoup 3.4.4-10 on Azure Linux 3.0 azl3 libssh 0.10.6-4 on Azure Linux 3.0 azl3 rubygem-rexml 3.3.9-2 on Azure Linux 3.0 azl3 ruby 3.3.5-6 on Azure Linux 3.0 azl3 runc 1.3.3-1 on Azure Linux 3.0 azl3 conmon 2.1.8-1 on Azure Linux 3.0 cbl2 cmake 3.21.4-20 on CBL Mariner 2.0 cbl2 libxslt 1.1.34-9 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-11 on CBL Mariner 2.0 cbl2 libssh 0.10.6-5 on CBL Mariner 2.0 azl3 kata-containers 3.19.1.kata2-2 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 libxslt 1.1.43-3 on Azure Linux 3.0 azl3 pytorch 2.2.2-9 on Azure Linux 3.0 azl3 rust 1.75.0-22 on Azure Linux 3.0 cbl2 libxslt 1.1.34-10 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 pytorch 2.2.2-10 on Azure Linux 3.0 azl3 libsoup 3.4.4-11 on Azure Linux 3.0 azl3 rust 1.90.0-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 azl3 rust 1.75.0-24 on Azure Linux 3.0 azl3 rust 1.90.0-3 on Azure Linux 3.0 azl3 curl 8.11.1-5 on Azure Linux 3.0 cbl2 cmake 3.21.4-21 on CBL Mariner 2.0 cbl2 curl 8.8.0-8 on CBL Mariner 2.0 azl3 cmake 3.30.3-11 on Azure Linux 3.0 cbl2 pytorch 2.0.0-12 on CBL Mariner 2.0 azl3 ruby 3.3.5-7 on Azure Linux 3.0 azl3 pytorch 2.2.2-11 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-12 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-14 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 azl3 libsoup 3.4.4-12 on Azure Linux 3.0 azl3 pytorch 2.2.2-12 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 cbl2 pytorch 2.0.0-15 on CBL Mariner 2.0 azl3 libsoup 3.4.4-14 on Azure Linux 3.0 cbl2 libsoup 3.0.4-13 on CBL Mariner 2.0 azl3 gdb 13.2-7 on Azure Linux 3.0 azl3 libsoup 3.4.4-15 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 crash 9.0.0-2 on Azure Linux 3.0 azl3 pytorch 2.2.2-14 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 ruby 3.3.5-8 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) netfilter: nf_tables: reject duplicate device on updates <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38678 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 20613-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 19683-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 20412-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 20553-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-09-04T01:02:24 <p>Information published.</p> 5.0 2026-03-31T15:03:58 <p>Information published.</p> 2.0 2025-11-27T01:01:37 <p>Information published.</p> 3.0 2025-12-02T14:35:35 <p>Information published.</p> 4.0 2026-03-03T14:51:05 <p>Information published.</p> fs/ntfs3: Add sanity check for file name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38707 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:07:31 <p>Information published.</p> 2.0 2026-01-10T01:04:08 <p>Information published.</p> 3.0 2026-01-13T01:43:57 <p>Information published.</p> smb3: fix for slab out of bounds on mount to ksmbd <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38728 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 Important 20925-17086 Important 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:03:01 <p>Information published.</p> 3.0 2026-03-03T14:52:10 <p>Information published.</p> 4.0 2026-03-31T15:07:55 <p>Information published.</p> 1.0 2025-09-06T01:11:14 <p>Information published.</p> f2fs: vm_unmap_ram() may be called from an invalid context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39731 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-09-09T01:01:17 <p>Information published.</p> 1.1 2026-02-18T01:13:03 <p>Information published.</p> wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39732 19683-17084 17087-17086 19683-17084 17087-17086 Important 19683-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-09T01:01:23 <p>Information published.</p> 2.0 2025-11-27T01:02:28 <p>Information published.</p> 3.0 2025-12-03T01:37:48 <p>Information published.</p> 3.1 2026-02-18T01:13:54 <p>Information published.</p> NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39730 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19683-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-09T01:01:30 <p>Information published.</p> 2.0 2026-01-13T01:01:42 <p>Information published.</p> 3.0 2026-02-24T14:38:59 <p>Information published.</p> PCI: endpoint: Fix configfs group list head handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39783 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 20412-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:01:23 <p>Information published.</p> 3.0 2026-01-19T14:37:27 <p>Information published.</p> 4.0 2026-02-24T14:39:47 <p>Information published.</p> 2.0 2026-01-18T01:02:23 <p>Information published.</p> rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39745 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-13T01:01:28 <p>Information published.</p> 2.0 2025-11-27T01:02:38 <p>Information published.</p> 3.0 2025-12-03T01:37:53 <p>Information published.</p> 3.1 2026-02-18T01:24:19 <p>Information published.</p> fs: Prevent file descriptor table allocations exceeding INT_MAX <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39756 Missing Release of Memory after Effective Lifetime 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:01:34 <p>Information published.</p> 2.0 2026-01-11T01:02:33 <p>Information published.</p> 3.0 2026-01-12T14:38:41 <p>Information published.</p> 4.0 2026-01-13T01:45:03 <p>Information published.</p> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39788 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-09-13T01:01:40 <p>Information published.</p> 2.0 2026-01-18T01:02:33 <p>Information published.</p> 3.0 2026-01-19T14:37:32 <p>Information published.</p> 4.0 2026-01-21T01:42:15 <p>Information published.</p> 4.1 2026-02-18T01:25:38 <p>Information published.</p> parisc: Drop WARN_ON_ONCE() from flush_cache_vmap <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39781 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:01:45 <p>Information published.</p> 2.0 2025-11-27T01:03:19 <p>Information published.</p> 3.0 2025-12-03T01:38:04 <p>Information published.</p> usb: core: config: Prevent OOB read in SS endpoint companion parsing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39760 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:01:51 <p>Information published.</p> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39758 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:01:56 <p>Information published.</p> netfilter: ctnetlink: remove refcounting in expectation dumpers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39764 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 20788-17084 20412-17084 20553-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 20788-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21093-17086 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 1.0 2025-09-13T01:02:02 <p>Information published.</p> 2.0 2025-11-27T01:03:09 <p>Information published.</p> 3.0 2025-12-07T01:50:25 <p>Information published.</p> 4.0 2026-01-08T14:46:25 <p>Information published.</p> 7.0 2026-03-03T14:54:15 <p>Information published.</p> 10.0 2026-03-31T15:05:59 <p>Information published.</p> 5.0 2026-01-20T14:40:55 <p>Information published.</p> 6.0 2026-02-18T02:31:57 <p>Information published.</p> 8.0 2026-03-04T14:37:50 <p>Information published.</p> 9.0 2026-03-28T14:36:29 <p>Information published.</p> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39753 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:02:07 <p>Information published.</p> 3.0 2025-12-03T01:37:58 <p>Information published.</p> 2.0 2025-11-27T01:02:59 <p>Information published.</p> rcu: Protect ->defer_qs_iw_pending from data race <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39749 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:02:13 <p>Information published.</p> 4.0 2026-02-24T14:38:23 <p>Information published.</p> 2.0 2026-01-11T01:02:23 <p>Information published.</p> 3.0 2026-01-12T14:38:37 <p>Information published.</p> btrfs: subpage: keep TOWRITE tag until folio is cleaned <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39779 20412-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21332-17084 20553-17084 20613-17084 17087-17086 20956-17084 21094-17084 21248-17084 21308-17084 21344-17084 20412-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21332-17084 20553-17084 20613-17084 17087-17086 20956-17084 21094-17084 21248-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 21332-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-13T01:02:18 <p>Information published.</p> 5.0 2026-01-20T14:41:05 <p>Information published.</p> 7.0 2026-03-03T14:54:34 <p>Information published.</p> 8.0 2026-03-04T14:37:59 <p>Information published.</p> 2.0 2025-11-27T01:03:14 <p>Information published.</p> 3.0 2025-12-07T01:50:33 <p>Information published.</p> 4.0 2026-01-08T14:46:33 <p>Information published.</p> 6.0 2026-02-18T02:32:44 <p>Information published.</p> 9.0 2026-03-31T14:54:05 <p>Information published.</p> 10.0 2026-04-29T14:41:36 <p>Information published.</p> 11.0 2026-05-06T14:53:28 <p>Information published.</p> 12.0 2026-05-11T01:52:01 <p>Information published.</p> 13.0 2026-05-17T14:53:18 <p>Information published.</p> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39736 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:02:24 <p>Information published.</p> 2.0 2026-01-10T01:04:33 <p>Information published.</p> 3.0 2026-01-13T01:44:14 <p>Information published.</p> mm/smaps: fix race between smaps_hugetlb_range and migration <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39754 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 21094-17084 21248-17084 21332-17084 20553-17084 20788-17084 20956-17084 21093-17086 21308-17084 21344-17084 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 21094-17084 21248-17084 21332-17084 20553-17084 20788-17084 20956-17084 21093-17086 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-13T01:02:29 <p>Information published.</p> 3.0 2025-12-07T01:50:42 <p>Information published.</p> 5.0 2026-01-20T14:41:15 <p>Information published.</p> 6.0 2026-02-18T02:33:29 <p>Information published.</p> 10.0 2026-04-29T14:41:48 <p>Information published.</p> 12.0 2026-05-11T01:52:11 <p>Information published.</p> 2.0 2025-11-27T01:04:50 <p>Information published.</p> 4.0 2026-01-08T14:46:41 <p>Information published.</p> 7.0 2026-03-03T14:55:06 <p>Information published.</p> 8.0 2026-03-04T14:38:07 <p>Information published.</p> 9.0 2026-03-31T14:54:38 <p>Information published.</p> 11.0 2026-05-06T14:53:34 <p>Information published.</p> 13.0 2026-05-17T14:53:27 <p>Information published.</p> drm/amd/display: add null check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39762 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20553-17084 20788-17084 21308-17084 21332-17084 21344-17084 20412-17084 20613-17084 17087-17086 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20553-17084 20788-17084 21308-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-13T01:02:35 <p>Information published.</p> 3.0 2025-12-07T01:50:49 <p>Information published.</p> 6.0 2026-02-18T02:34:12 <p>Information published.</p> 7.0 2026-03-03T14:55:23 <p>Information published.</p> 8.0 2026-03-04T14:38:15 <p>Information published.</p> 9.0 2026-03-31T14:55:12 <p>Information published.</p> 10.0 2026-04-29T14:42:01 <p>Information published.</p> 12.0 2026-05-11T01:52:20 <p>Information published.</p> 2.0 2025-11-27T01:04:55 <p>Information published.</p> 4.0 2026-01-08T14:46:50 <p>Information published.</p> 5.0 2026-01-20T14:41:24 <p>Information published.</p> 11.0 2026-05-06T14:53:39 <p>Information published.</p> 13.0 2026-05-17T14:53:36 <p>Information published.</p> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39739 20412-17084 20412-17084 Moderate 20412-17084 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:02:41 <p>Information published.</p> net: bridge: fix soft lockup in br_multicast_query_expired() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39773 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:02:46 <p>Information published.</p> 4.0 2026-02-24T14:39:22 <p>Information published.</p> 2.0 2026-01-18T01:02:08 <p>Information published.</p> 3.0 2026-01-19T14:37:13 <p>Information published.</p> wifi: ath12k: Correct tid cleanup when tid setup fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39750 Out-of-bounds Read 20412-17084 20412-17084 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-09-13T01:02:51 <p>Information published.</p> 1.1 2026-02-18T01:32:23 <p>Information published.</p> wifi: ath10k: shutdown driver when hardware is unreliable <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39746 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20553-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20553-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 Important 20412-17084 Important 20613-17084 Moderate 17087-17086 Important 20725-17084 Important 20788-17084 Moderate 20925-17086 Important 20956-17084 Important 21094-17084 Moderate 21093-17086 Important 21248-17084 Important 20553-17084 Important 20823-17084 Important 20860-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-13T01:02:57 <p>Information published.</p> 2.0 2025-11-27T01:02:43 <p>Information published.</p> 3.0 2025-12-07T01:50:56 <p>Information published.</p> 4.0 2026-01-08T14:46:58 <p>Information published.</p> 5.0 2026-01-20T14:41:35 <p>Information published.</p> 7.0 2026-03-03T14:53:05 <p>Information published.</p> 9.0 2026-03-31T14:55:51 <p>Information published.</p> 10.0 2026-04-29T14:42:16 <p>Information published.</p> 11.0 2026-05-06T14:37:42 <p>Information published.</p> 6.0 2026-02-18T02:34:58 <p>Information published.</p> 8.0 2026-03-04T14:38:23 <p>Information published.</p> 12.0 2026-05-11T01:52:28 <p>Information published.</p> 13.0 2026-05-17T14:53:43 <p>Information published.</p> LoongArch: Optimize module load time by optimizing PLT/GOT counting <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39767 Improper Locking 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:03:03 <p>Information published.</p> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39751 20412-17084 20412-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-09-13T01:03:08 <p>Information published.</p> 1.1 2026-02-18T01:33:46 <p>Information published.</p> drm/msm: Add error handling for krealloc in metadata setup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39747 20412-17084 20613-17084 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21308-17084 20553-17084 17087-17086 20823-17084 21332-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21308-17084 20553-17084 17087-17086 20823-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21308-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20823-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-13T01:03:14 <p>Information published.</p> 3.0 2025-12-07T01:51:03 <p>Information published.</p> 4.0 2026-01-08T14:47:07 <p>Information published.</p> 6.0 2026-02-18T02:35:39 <p>Information published.</p> 7.0 2026-03-03T14:53:23 <p>Information published.</p> 8.0 2026-03-04T14:38:30 <p>Information published.</p> 9.0 2026-03-31T14:56:28 <p>Information published.</p> 11.0 2026-05-06T14:37:51 <p>Information published.</p> 2.0 2025-11-27T01:02:49 <p>Information published.</p> 5.0 2026-01-20T14:41:45 <p>Information published.</p> 10.0 2026-04-29T14:42:28 <p>Information published.</p> 12.0 2026-05-11T01:52:35 <p>Information published.</p> 13.0 2026-05-17T14:38:44 <p>Information published.</p> crypto: x86/aegis - Add missing error checks <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39789 20412-17084 20553-17084 17087-17086 20823-17084 20860-17084 21094-17084 21093-17086 21248-17084 21308-17084 21332-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21344-17084 20412-17084 20553-17084 17087-17086 20823-17084 20860-17084 21094-17084 21093-17086 21248-17084 21308-17084 21332-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-13T01:03:19 <p>Information published.</p> 2.0 2025-11-27T01:03:24 <p>Information published.</p> 3.0 2025-12-07T01:51:10 <p>Information published.</p> 4.0 2026-01-08T14:47:16 <p>Information published.</p> 5.0 2026-01-20T14:41:55 <p>Information published.</p> 6.0 2026-02-18T02:36:22 <p>Information published.</p> 8.0 2026-03-04T14:38:37 <p>Information published.</p> 9.0 2026-03-31T14:57:07 <p>Information published.</p> 10.0 2026-04-29T14:42:41 <p>Information published.</p> 11.0 2026-05-06T14:38:00 <p>Information published.</p> 7.0 2026-03-03T14:54:52 <p>Information published.</p> 12.0 2026-05-11T01:38:15 <p>Information published.</p> 13.0 2026-05-17T14:38:52 <p>Information published.</p> btrfs: qgroup: fix race between quota disable and quota rescan ioctl <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39759 20412-17084 17087-17086 21093-17086 20925-17086 20412-17084 17087-17086 21093-17086 20925-17086 Moderate 20412-17084 Important 17087-17086 Important 21093-17086 Important 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:03:25 <p>Information published.</p> 5.0 2026-03-31T15:08:35 <p>Information published.</p> 2.0 2026-01-11T01:02:42 <p>Information published.</p> 3.0 2026-01-12T14:38:51 <p>Information published.</p> 4.0 2026-03-03T14:53:07 <p>Information published.</p> bpf: Forget ranges when refining tnum after JSET <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39748 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 20553-17084 17087-17086 20788-17084 20925-17086 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 20553-17084 17087-17086 20788-17084 20925-17086 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 20553-17084 Moderate 17087-17086 Moderate 20788-17084 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-13T01:03:30 <p>Information published.</p> 2.0 2025-11-27T01:02:54 <p>Information published.</p> 3.0 2025-12-07T01:51:17 <p>Information published.</p> 4.0 2026-01-08T14:47:24 <p>Information published.</p> 5.0 2026-01-20T14:42:05 <p>Information published.</p> 6.0 2026-02-18T02:37:01 <p>Information published.</p> 8.0 2026-03-04T14:38:44 <p>Information published.</p> 10.0 2026-03-31T15:05:11 <p>Information published.</p> 7.0 2026-03-03T14:53:41 <p>Information published.</p> 9.0 2026-03-28T14:36:34 <p>Information published.</p> soc: qcom: mdt_loader: Ensure we don't read past the ELF header <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39787 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:03:36 <p>Information published.</p> 3.0 2026-01-20T14:46:32 <p>Information published.</p> 4.0 2026-02-24T14:39:54 <p>Information published.</p> 2.0 2026-01-18T01:02:28 <p>Information published.</p> ARM: rockchip: fix kernel hang during smp initialization <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39752 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:03:41 <p>Information published.</p> 4.0 2026-02-24T14:38:30 <p>Information published.</p> 2.0 2026-01-11T01:02:28 <p>Information published.</p> 3.0 2026-01-13T01:44:58 <p>Information published.</p> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39763 20412-17084 17087-17086 20925-17086 21093-17086 20412-17084 17087-17086 20925-17086 21093-17086 Moderate 20412-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:03:47 <p>Information published.</p> 4.0 2026-03-31T15:05:35 <p>Information published.</p> 2.0 2025-11-27T01:03:04 <p>Information published.</p> 3.0 2026-03-03T14:53:58 <p>Information published.</p> wifi: ath12k: Decrement TID on RX peer frag setup error handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39761 Out-of-bounds Read 20412-17084 20412-17084 Important 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 1.0 2025-09-13T01:03:52 <p>Information published.</p> 1.1 2026-02-18T01:38:11 <p>Information published.</p> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39742 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-13T01:03:58 <p>Information published.</p> 3.0 2026-01-12T14:38:27 <p>Information published.</p> 4.0 2026-01-13T01:44:48 <p>Information published.</p> 2.0 2026-01-11T01:02:13 <p>Information published.</p> 4.1 2026-02-18T01:38:58 <p>Information published.</p> jfs: truncate good inode pages when hard link is 0 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39743 20412-17084 17087-17086 20412-17084 17087-17086 Critical 20412-17084 Important 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-09-13T01:04:03 <p>Information published.</p> 2.0 2026-01-11T01:02:18 <p>Information published.</p> 3.0 2026-01-12T14:38:32 <p>Information published.</p> 4.0 2026-01-13T01:44:53 <p>Information published.</p> 4.1 2026-02-18T01:39:47 <p>Information published.</p> ALSA: usb-audio: Validate UAC3 cluster segment descriptors <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39757 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:04:09 <p>Information published.</p> 2.0 2026-01-11T01:02:38 <p>Information published.</p> 4.0 2026-02-24T14:38:38 <p>Information published.</p> 3.0 2026-01-12T14:38:46 <p>Information published.</p> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39766 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:04:14 <p>Information published.</p> 4.0 2026-02-24T14:38:45 <p>Information published.</p> 2.0 2026-01-11T01:02:48 <p>Information published.</p> 3.0 2026-01-12T14:38:56 <p>Information published.</p> bus: mhi: host: Detect events pointing to unexpected TREs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39790 Double Free 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-09-13T01:04:20 <p>Information published.</p> 3.0 2026-01-19T14:37:37 <p>Information published.</p> 2.0 2026-01-18T01:02:38 <p>Information published.</p> 4.0 2026-01-21T01:42:25 <p>Information published.</p> 4.1 2026-02-18T01:41:47 <p>Information published.</p> x86/vmscape: Add conditional IBPB mitigation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40300 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 20412-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:04:26 <p>Information published.</p> 4.0 2026-02-24T14:41:44 <p>Information published.</p> 2.0 2026-01-18T01:04:38 <p>Information published.</p> 3.0 2026-01-20T14:48:17 <p>Information published.</p> drm/hisilicon/hibmc: fix the hibmc loaded failed bug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39772 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:04:31 <p>Information published.</p> 3.0 2026-01-20T14:46:21 <p>Information published.</p> 4.0 2026-02-24T14:39:14 <p>Information published.</p> 2.0 2026-01-18T01:02:03 <p>Information published.</p> btrfs: do not allow relocation of partially dropped subvolumes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39738 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:04:36 <p>Information published.</p> 2.0 2026-01-11T01:02:07 <p>Information published.</p> 3.0 2026-01-12T14:38:22 <p>Information published.</p> 4.0 2026-02-24T14:38:16 <p>Information published.</p> mm/debug_vm_pgtable: clear page table entries at destroy_args() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39776 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-13T01:04:42 <p>Information published.</p> 4.0 2026-02-24T14:39:33 <p>Information published.</p> 2.0 2026-01-18T01:02:13 <p>Information published.</p> 3.0 2026-01-19T14:37:18 <p>Information published.</p> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39737 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:04:47 <p>Information published.</p> rcu: Fix rcu_read_unlock() deadloop due to IRQ work <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39744 20412-17084 21093-17086 17087-17086 20925-17086 20412-17084 21093-17086 17087-17086 20925-17086 Moderate 20412-17084 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-13T01:04:53 <p>Information published.</p> 3.0 2026-03-03T14:52:49 <p>Information published.</p> 2.0 2025-11-27T01:02:33 <p>Information published.</p> 4.0 2026-03-31T15:04:47 <p>Information published.</p> Out of bounds read for cookie path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2025-9086 19252-17084 20047-17086 19799-17086 20439-17086 20416-17084 19721-17086 19668-17086 20440-17084 20425-17084 20424-17084 17667-17084 20529-17086 20562-17084 20692-17086 20869-17084 20870-17086 20871-17086 19570-17086 17183-17086 20542-17086 20563-17084 20872-17084 19252-17084 20047-17086 19799-17086 20439-17086 20416-17084 19721-17086 19668-17086 20440-17084 20425-17084 20424-17084 17667-17084 20529-17086 20562-17084 20692-17086 20869-17084 20870-17086 20871-17086 19570-17086 17183-17086 20542-17086 20563-17084 20872-17084 Moderate 19252-17084 Moderate 20047-17086 Moderate 19799-17086 20439-17086 Moderate 20416-17084 19721-17086 Moderate 19668-17086 Moderate 20440-17084 Moderate 20425-17084 Moderate 20424-17084 Moderate 17667-17084 Moderate 20529-17086 Moderate 20562-17084 Moderate 20692-17086 Moderate 20869-17084 Moderate 20870-17086 Moderate 20871-17086 Moderate 19570-17086 Moderate 17183-17086 Moderate 20542-17086 Moderate 20563-17084 Moderate 20872-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 19252-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20047-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 19799-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20439-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20416-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 19721-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 19668-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20440-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20425-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20424-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 17667-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20529-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20562-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20692-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20869-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20870-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20871-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 19570-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 17183-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20542-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20563-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U 20872-17084 1.0 2025-09-13T01:05:35 <p>Information published.</p> 3.0 2026-02-18T02:38:38 <p>Information published.</p> 2.0 2025-12-06T14:37:40 <p>Information published.</p> 2.1 2026-02-18T01:49:09 <p>Information published.</p> Malicious Key Exchange Messages may Lead to Excessive Resource Consumption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner EEF Yes CVE-2025-48040 Uncontrolled Resource Consumption 20323-17086 20325-17084 20541-17086 20323-17086 20325-17084 20541-17086 Moderate 20323-17086 Moderate 20325-17084 Moderate 20541-17086 5.3 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20323-17086 5.3 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20541-17086 CBL-Mariner Releases 20323-17086 No Security Update 25.3.2.21-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20323-17086 CBL-Mariner Releases CBL-Mariner Releases 20325-17084 No Security Update 26.2.5.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20325-17084 CBL-Mariner Releases CBL-Mariner Releases 20541-17086 No Security Update 25.3.2.21-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20541-17086 CBL-Mariner Releases 1.0 2025-09-13T01:06:10 <p>Information published.</p> fs/smb: Fix inconsistent refcnt update <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39819 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 4.0 2026-02-18T14:56:52 <p>Information published.</p> 1.0 2025-09-20T01:07:49 <p>Information published.</p> 2.0 2026-01-18T01:03:18 <p>Information published.</p> 3.0 2026-01-20T14:47:25 <p>Information published.</p> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39813 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 4.0 2026-02-24T14:40:38 <p>Information published.</p> 1.0 2025-09-20T01:07:59 <p>Information published.</p> 2.0 2026-01-18T01:03:08 <p>Information published.</p> 3.0 2026-01-19T14:37:52 <p>Information published.</p> smb: client: fix race with concurrent opens in rename(2) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39825 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-20T01:08:04 <p>Information published.</p> 4.0 2026-02-18T14:57:42 <p>Information published.</p> 2.0 2026-01-18T01:03:33 <p>Information published.</p> 3.0 2026-01-20T14:47:36 <p>Information published.</p> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39828 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-20T01:08:15 <p>Information published.</p> 3.0 2026-01-19T14:38:22 <p>Information published.</p> 2.0 2026-01-18T01:03:48 <p>Information published.</p> 4.0 2026-01-21T01:42:47 <p>Information published.</p> net: rose: include node references in rose_neigh refcount <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39827 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-20T01:08:20 <p>Information published.</p> 3.0 2026-01-19T14:38:17 <p>Information published.</p> 4.0 2026-02-18T14:58:07 <p>Information published.</p> 2.0 2026-01-18T01:03:43 <p>Information published.</p> trace/fgraph: Fix the warning caused by missing unregister notifier <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39829 20925-17086 21093-17086 20412-17084 17087-17086 20925-17086 21093-17086 20412-17084 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-20T01:08:31 <p>Information published.</p> 3.0 2026-03-03T14:58:41 <p>Information published.</p> 4.0 2026-03-31T15:09:30 <p>Information published.</p> 2.0 2025-12-04T01:01:45 <p>Information published.</p> net: macb: fix unregister_netdev call order in macb_remove() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39805 20613-17084 20725-17084 20412-17084 20553-17084 20613-17084 20725-17084 20412-17084 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-20T01:08:37 <p>Information published.</p> 2.0 2025-12-07T01:51:25 <p>Information published.</p> 3.0 2026-01-07T14:35:45 <p>Information published.</p> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39808 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-01-20T14:47:02 <p>Information published.</p> 4.0 2026-02-24T14:40:23 <p>Information published.</p> 1.0 2025-09-20T01:08:47 <p>Information published.</p> 2.0 2026-01-18T01:02:58 <p>Information published.</p> sctp: initialize more fields in sctp_v6_from_sk() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39812 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-20T01:08:53 <p>Information published.</p> 3.0 2026-01-20T14:47:14 <p>Information published.</p> 2.0 2026-01-18T01:03:03 <p>Information published.</p> 4.0 2026-02-24T14:40:30 <p>Information published.</p> mISDN: hfcpci: Fix warning when deleting uninitialized timer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39833 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 20412-17084 17087-17086 21308-17084 21344-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 20412-17084 17087-17086 21308-17084 21344-17084 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20823-17084 Important 20860-17084 Moderate 20925-17086 Important 20956-17084 Important 21094-17084 Moderate 21093-17086 Important 21248-17084 Important 21332-17084 Important 20412-17084 Moderate 17087-17086 Important 21308-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-20T01:08:58 <p>Information published.</p> 2.0 2025-12-05T01:02:56 <p>Information published.</p> 3.0 2025-12-07T01:51:31 <p>Information published.</p> 5.0 2026-01-20T14:42:17 <p>Information published.</p> 6.0 2026-02-18T02:39:22 <p>Information published.</p> 7.0 2026-03-03T15:01:02 <p>Information published.</p> 8.0 2026-03-04T14:38:50 <p>Information published.</p> 9.0 2026-03-31T14:57:45 <p>Information published.</p> 12.0 2026-05-11T01:38:25 <p>Information published.</p> 4.0 2026-01-08T14:47:32 <p>Information published.</p> 10.0 2026-04-29T14:42:54 <p>Information published.</p> 11.0 2026-05-06T14:38:09 <p>Information published.</p> 13.0 2026-05-17T14:39:04 <p>Information published.</p> KVM: x86: use array_index_nospec with indices that come from guest <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39823 Improper Validation of Array Index 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-20T01:09:03 <p>Information published.</p> 2.0 2026-01-18T01:03:23 <p>Information published.</p> 3.0 2026-01-19T14:38:02 <p>Information published.</p> 4.0 2026-02-24T14:40:54 <p>Information published.</p> HID: asus: fix UAF via HID_CLAIMED_INPUT validation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39824 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Important 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-20T01:09:08 <p>Information published.</p> 3.0 2026-01-19T14:38:07 <p>Information published.</p> 2.0 2026-01-18T01:03:28 <p>Information published.</p> 4.0 2026-02-24T14:41:01 <p>Information published.</p> batman-adv: fix OOB read/write in network-coding decode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39839 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 Moderate 20553-17084 Important 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-21T01:03:23 <p>Information published.</p> 3.0 2026-02-24T14:41:52 <p>Information published.</p> 1.0 2025-09-21T01:01:18 <p>Information published.</p> i40e: Fix potential invalid access when MAC list is empty <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39853 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 Important 17087-17086 Important 20412-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2026-01-21T01:04:23 <p>Information published.</p> 3.0 2026-02-24T14:42:30 <p>Information published.</p> 1.0 2025-09-21T01:01:34 <p>Information published.</p> ocfs2: prevent release journal inode after journal shutdown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39842 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:01:44 <p>Information published.</p> scsi: lpfc: Fix buffer free/clear order in deferred receive path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39841 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 Important 17087-17086 Important 20412-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2026-01-21T01:03:31 <p>Information published.</p> 1.0 2025-09-21T01:02:00 <p>Information published.</p> 3.0 2026-02-24T14:41:59 <p>Information published.</p> ppp: fix memory leak in pad_compress_skb <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39847 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2026-01-21T01:04:06 <p>Information published.</p> 3.0 2026-02-24T14:42:23 <p>Information published.</p> 1.0 2025-09-21T01:02:26 <p>Information published.</p> wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39863 20925-17086 21093-17086 20412-17084 20553-17084 17087-17086 20925-17086 21093-17086 20412-17084 20553-17084 17087-17086 Important 20925-17086 Important 21093-17086 Important 20412-17084 Important 20553-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2025-12-14T14:02:30 <p>Information published.</p> 4.0 2026-03-03T14:41:28 <p>Information published.</p> 5.0 2026-03-31T14:46:14 <p>Information published.</p> 1.0 2025-09-21T01:02:41 <p>Information published.</p> 3.0 2025-12-15T14:36:24 <p>Information published.</p> vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39850 NULL Pointer Dereference 20613-17084 20725-17084 17087-17086 20823-17084 20925-17086 21093-17086 21248-17084 21332-17084 20412-17084 20553-17084 20788-17084 20860-17084 20956-17084 21094-17084 21308-17084 21344-17084 20613-17084 20725-17084 17087-17086 20823-17084 20925-17086 21093-17086 21248-17084 21332-17084 20412-17084 20553-17084 20788-17084 20860-17084 20956-17084 21094-17084 21308-17084 21344-17084 Important 20613-17084 Important 20725-17084 Moderate 17087-17086 Important 20823-17084 Moderate 20925-17086 Moderate 21093-17086 Important 21248-17084 Important 21332-17084 Important 20412-17084 Important 20553-17084 Important 20788-17084 Important 20860-17084 Important 20956-17084 Important 21094-17084 Important 21308-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 2.0 2025-12-07T01:35:29 <p>Information published.</p> 4.0 2025-12-16T01:38:07 <p>Information published.</p> 5.0 2026-01-08T14:48:06 <p>Information published.</p> 7.0 2026-02-18T02:51:17 <p>Information published.</p> 8.0 2026-03-03T14:40:52 <p>Information published.</p> 11.0 2026-04-29T14:43:49 <p>Information published.</p> 12.0 2026-05-06T14:38:45 <p>Information published.</p> 13.0 2026-05-11T01:39:02 <p>Information published.</p> 1.0 2025-09-21T01:02:47 <p>Information published.</p> 3.0 2025-12-14T14:02:15 <p>Information published.</p> 6.0 2026-01-20T14:43:00 <p>Information published.</p> 9.0 2026-03-04T14:39:18 <p>Information published.</p> 10.0 2026-03-31T15:05:16 <p>Information published.</p> 14.0 2026-05-17T14:39:44 <p>Information published.</p> ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39859 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21248-17084 21332-17084 20412-17084 17087-17086 21094-17084 21308-17084 21344-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21248-17084 21332-17084 20412-17084 17087-17086 21094-17084 21308-17084 21344-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20412-17084 Important 17087-17086 Moderate 21094-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:35:40 <p>Information published.</p> 3.0 2025-12-14T14:02:25 <p>Information published.</p> 6.0 2026-01-08T14:48:15 <p>Information published.</p> 7.0 2026-01-20T14:43:11 <p>Information published.</p> 10.0 2026-03-31T15:05:42 <p>Information published.</p> 11.0 2026-04-29T14:44:02 <p>Information published.</p> 1.0 2025-09-21T01:02:52 <p>Information published.</p> 4.0 2025-12-15T14:36:19 <p>Information published.</p> 5.0 2025-12-16T01:38:18 <p>Information published.</p> 8.0 2026-02-18T02:51:57 <p>Information published.</p> 9.0 2026-03-04T14:39:26 <p>Information published.</p> 12.0 2026-05-06T14:38:53 <p>Information published.</p> 13.0 2026-05-11T01:39:11 <p>Information published.</p> 14.0 2026-05-17T14:39:54 <p>Information published.</p> Bluetooth: vhci: Prevent use-after-free by removing debugfs files early <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39861 20553-17084 20412-17084 20553-17084 20412-17084 Important 20553-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:02:57 <p>Information published.</p> wifi: cfg80211: fix use-after-free in cmp_bss() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39864 Use After Free 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:03:02 <p>Information published.</p> fs: writeback: fix use-after-free in __mark_inode_dirty() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39866 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:03:07 <p>Information published.</p> pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39846 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2026-01-21T01:03:58 <p>Information published.</p> 1.0 2025-09-21T01:03:30 <p>Information published.</p> 3.0 2026-02-18T14:29:08 <p>Information published.</p> REXML has a DoS condition when parsing malformed XML file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58767 Uncontrolled Resource Consumption 20631-17084 20629-17084 21312-17084 20244-17084 17652-17084 20392-17086 20884-17084 20631-17084 20629-17084 21312-17084 20244-17084 17652-17084 20392-17086 20884-17084 Low 20631-17084 Low 20629-17084 Low 21312-17084 Low 20244-17084 Low 17652-17084 Low 20392-17086 Low 20884-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20631-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20629-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21312-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20244-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17652-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20392-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20884-17084 CBL-Mariner Releases 20629-17084 17652-17084 No Security Update 3.3.9-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20629-17084 17652-17084 CBL-Mariner Releases 1.0 2025-09-21T01:04:06 <p>Information published.</p> 2.0 2026-02-18T14:30:26 <p>Information published.</p> 3.0 2026-05-06T14:39:02 <p>Information published.</p> Kata Containers coco-tdx malicious host can circumvent initdata verification <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58354 Improper Check for Unusual or Exceptional Conditions 20449-17084 20421-17084 20394-17086 20712-17084 20393-17086 20449-17084 20421-17084 20394-17086 20712-17084 20393-17086 Moderate 20449-17084 Moderate 20421-17084 Moderate 20394-17086 Moderate 20712-17084 Moderate 20393-17086 1.0 2025-09-25T01:02:04 <p>Information published.</p> 2.0 2025-12-07T01:35:50 <p>Information published.</p> 3.0 2026-01-13T01:39:34 <p>Information published.</p> Fallback tar extraction in pip doesn't check symbolic links point to extraction directory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2025-8869 20043-17084 20561-17084 20043-17084 20561-17084 Moderate 20043-17084 Moderate 20561-17084 CBL-Mariner Releases 20043-17084 20561-17084 No Security Update 24.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20043-17084 20561-17084 CBL-Mariner Releases 1.0 2025-09-27T01:02:56 <p>Information published.</p> Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-59362 Encoding Error 20164-17084 20164-17084 Important 20164-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 20164-17084 CBL-Mariner Releases 20164-17084 No Security Update 6.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20164-17084 CBL-Mariner Releases 1.0 2025-09-28T01:02:19 <p>Information published.</p> Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-60019 NULL Pointer Dereference 20464-17086 20465-17084 20464-17086 20465-17084 Low 20464-17086 Low 20465-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20464-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20465-17084 1.0 2025-09-29T01:01:23 <p>Information published.</p> In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-46148 19949-17086 19407-17084 19949-17086 19407-17084 Moderate 19949-17086 Moderate 19407-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19407-17084 1.0 2025-09-29T01:01:59 <p>Information published.</p> Timing side-channel in SM2 algorithm on 64 bit ARM <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2025-9231 Covert Timing Channel 20467-17084 20435-17084 19805-17086 20822-17084 20744-17084 20864-17084 20865-17084 20467-17084 20435-17084 19805-17086 20822-17084 20744-17084 20864-17084 20865-17084 Moderate 20467-17084 Moderate 20435-17084 Moderate 19805-17086 Moderate 20822-17084 Moderate 20744-17084 Moderate 20864-17084 Moderate 20865-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20467-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20435-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 19805-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20822-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20744-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20864-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20865-17084 2.0 2026-01-20T01:01:32 <p>Information published.</p> 3.0 2026-01-20T14:49:03 <p>Information published.</p> 1.0 2025-10-02T01:05:45 <p>Information published.</p> 4.0 2026-02-21T03:27:44 <p>Information published.</p> An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55551 19407-17084 19949-17086 20729-17084 20799-17084 20938-17086 21103-17086 21262-17084 20694-17086 20906-17084 20874-17086 20972-17084 19407-17084 19949-17086 20729-17084 20799-17084 20938-17086 21103-17086 21262-17084 20694-17086 20906-17084 20874-17086 20972-17084 Important 19407-17084 Important 19949-17086 Important 20729-17084 Important 20799-17084 Low 20938-17086 Low 21103-17086 Low 21262-17084 Important 20694-17086 Low 20906-17084 Low 20874-17086 Low 20972-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19949-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20729-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20799-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20938-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 21103-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 21262-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20694-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20906-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20874-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20972-17084 1.0 2025-10-05T01:01:25 <p>Information published.</p> 2.0 2025-12-06T14:37:56 <p>Information published.</p> 3.0 2025-12-07T01:37:15 <p>Information published.</p> 4.0 2026-01-08T14:48:48 <p>Information published.</p> 6.0 2026-03-03T14:57:06 <p>Information published.</p> 8.0 2026-03-31T15:18:19 <p>Information published.</p> 5.0 2026-02-19T01:37:21 <p>Information published.</p> 7.0 2026-03-04T14:39:56 <p>Information published.</p> 9.0 2026-04-29T14:44:56 <p>Information published.</p> pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55552 Integer Overflow or Wraparound 19407-17084 19949-17086 20729-17084 20694-17086 19407-17084 19949-17086 20729-17084 20694-17086 Moderate 19407-17084 Important 19949-17086 Moderate 20729-17084 Important 20694-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20729-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 20694-17086 CBL-Mariner Releases 19407-17084 20729-17084 No Security Update 2.2.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19407-17084 20729-17084 CBL-Mariner Releases CBL-Mariner Releases 19949-17086 20694-17086 No Security Update 2.0.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19949-17086 20694-17086 CBL-Mariner Releases 1.0 2025-10-05T01:01:33 <p>Information published.</p> 5.0 2025-12-07T01:37:33 <p>Information published.</p> 2.0 2025-12-05T01:35:57 <p>Information published.</p> 3.0 2025-12-05T14:35:05 <p>Information published.</p> 4.0 2025-12-06T14:38:02 <p>Information published.</p> ext4: avoid deadlock in fs reclaim with page writeback Mariner Linux Yes CVE-2023-53149 Improper Locking 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-11-27T01:01:32 <p>Information published.</p> 3.0 2026-03-31T15:03:37 <p>Information published.</p> 2.0 2026-03-03T14:50:47 <p>Information published.</p> btrfs: fix use-after-free of new block group that became unused Mariner Linux Yes CVE-2023-53187 Use After Free 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Important 20925-17086 Important 21093-17086 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 2.0 2026-03-03T14:57:07 <p>Information published.</p> 1.0 2025-12-03T01:02:04 <p>Information published.</p> 3.0 2026-03-31T15:08:03 <p>Information published.</p> kprobes: Fix check for probe enabled in kill_kprobe() Mariner Linux Yes CVE-2022-50266 NULL Pointer Dereference 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:57:49 <p>Information published.</p> 3.0 2026-03-31T15:08:48 <p>Information published.</p> 1.0 2025-12-04T01:01:24 <p>Information published.</p> rxrpc: Make it so that a waiting process can be aborted Mariner Linux Yes CVE-2023-53218 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Important 20925-17086 Important 21093-17086 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 3.0 2026-03-31T15:09:51 <p>Information published.</p> 1.0 2025-12-05T01:02:06 <p>Information published.</p> 2.0 2026-03-03T14:58:59 <p>Information published.</p> bpf: Fix memleak due to fentry attach failure Mariner Linux Yes CVE-2023-53221 Missing Release of Memory after Effective Lifetime 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 2.0 2026-03-03T14:59:17 <p>Information published.</p> 1.0 2025-12-05T01:02:12 <p>Information published.</p> 3.0 2026-03-31T15:10:13 <p>Information published.</p> xsk: check IFF_UP earlier in Tx path Mariner Linux Yes CVE-2023-53240 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T14:59:34 <p>Information published.</p> 3.0 2026-03-31T15:10:35 <p>Information published.</p> 1.0 2025-12-05T01:02:17 <p>Information published.</p> btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand Mariner Linux Yes CVE-2023-53247 Reachable Assertion 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T14:59:51 <p>Information published.</p> 1.0 2025-12-05T01:02:23 <p>Information published.</p> 3.0 2026-03-31T15:10:58 <p>Information published.</p> drm/amdkfd: Fix double release compute pasid Mariner Linux Yes CVE-2022-50303 Double Free 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 17087-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20925-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 21093-17086 1.0 2025-12-06T01:01:22 <p>Information published.</p> 2.0 2026-03-03T15:01:49 <p>Information published.</p> 3.0 2026-03-31T15:13:30 <p>Information published.</p> erofs: Fix detection of atomic context Mariner Linux Yes CVE-2023-53231 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-06T01:01:38 <p>Information published.</p> 2.0 2025-12-09T01:38:28 <p>Information published.</p> ext2/dax: Fix ext2_setsize when len is page aligned Mariner Linux Yes CVE-2023-53323 Reachable Assertion 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T15:03:43 <p>Information published.</p> 3.0 2026-03-31T14:37:19 <p>Information published.</p> 1.0 2025-12-12T01:01:27 <p>Information published.</p> genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() Mariner Linux Yes CVE-2023-53332 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-12-12T01:01:33 <p>Information published.</p> 2.0 2026-03-03T15:04:01 <p>Information published.</p> 3.0 2026-03-31T14:37:49 <p>Information published.</p> iomap: iomap: fix memory corruption when recording errors during writeback Mariner Linux Yes CVE-2022-50406 Out-of-bounds Write 17087-17086 17087-17086 Important 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 17087-17086 1.0 2025-12-12T01:01:43 <p>Information published.</p> 2.0 2025-12-16T01:36:42 <p>Information published.</p> crypto: hisilicon/qm - increase the memory of local variables Mariner Linux Yes CVE-2022-50407 Uncontrolled Recursion 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 2.0 2026-03-03T15:04:25 <p>Information published.</p> 3.0 2026-03-31T14:38:13 <p>Information published.</p> 1.0 2025-12-12T01:01:49 <p>Information published.</p> net/mlx5: Handle pairing of E-switch via uplink un/load APIs Mariner Linux Yes CVE-2023-53347 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 2.0 2026-03-03T15:04:33 <p>Information published.</p> 3.0 2026-03-31T14:38:37 <p>Information published.</p> 1.0 2025-12-12T01:01:54 <p>Information published.</p> btrfs: fix deadlock when aborting transaction during relocation with scrub Mariner Linux Yes CVE-2023-53348 Improper Locking 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 2.0 2026-03-03T15:04:40 <p>Information published.</p> 3.0 2026-03-31T14:39:00 <p>Information published.</p> 1.0 2025-12-12T01:01:59 <p>Information published.</p> USB: ULPI: fix memory leak with using debugfs_lookup() Mariner Linux Yes CVE-2023-53410 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-12T01:02:16 <p>Information published.</p> 2.0 2025-12-16T01:36:48 <p>Information published.</p> staging: pi433: fix memory leak with using debugfs_lookup() Mariner Linux Yes CVE-2023-53355 Missing Release of Memory after Effective Lifetime 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 2.0 2026-03-03T14:36:22 <p>Information published.</p> 3.0 2026-03-31T14:39:50 <p>Information published.</p> 1.0 2025-12-12T01:02:10 <p>Information published.</p> blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() Mariner Linux Yes CVE-2023-53421 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 3.0 2026-03-31T14:40:11 <p>Information published.</p> 1.0 2025-12-12T01:02:21 <p>Information published.</p> 2.0 2026-03-03T14:36:41 <p>Information published.</p> btrfs: don't check PageError in __extent_writepage Mariner Linux Yes CVE-2023-53429 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-12-12T01:02:32 <p>Information published.</p> 2.0 2026-03-03T14:37:23 <p>Information published.</p> 3.0 2026-03-31T14:40:59 <p>Information published.</p> irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 Mariner Linux Yes CVE-2023-53383 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-12-13T01:01:29 <p>Information published.</p> 2.0 2026-03-03T14:38:37 <p>Information published.</p> 3.0 2026-03-31T14:42:37 <p>Information published.</p> scsi: ufs: core: Fix device management cmd timeout flow Mariner Linux Yes CVE-2023-53387 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-13T01:01:35 <p>Information published.</p> 2.0 2025-12-16T01:37:11 <p>Information published.</p> drm/amdgpu: fix memory leak in mes self test Mariner Linux Yes CVE-2023-53370 Missing Release of Memory after Effective Lifetime 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 1.0 2025-12-14T14:01:41 <p>Information published.</p> 2.0 2025-12-16T01:37:37 <p>Information published.</p> 3.0 2026-03-03T14:40:02 <p>Information published.</p> 4.0 2026-03-31T14:44:52 <p>Information published.</p> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Mariner Linux Yes CVE-2025-38693 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:37:46 <p>Information published.</p> 1.0 2026-01-11T01:01:43 <p>Information published.</p> 2.0 2026-01-12T14:38:17 <p>Information published.</p> predictable WebSocket mask <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2025-10148 19252-17084 20425-17084 20424-17084 17667-17084 20542-17086 20562-17084 19799-17086 20439-17086 20416-17084 19721-17086 20440-17084 19570-17086 17183-17086 20563-17084 19252-17084 20425-17084 20424-17084 17667-17084 20542-17086 20562-17084 19799-17086 20439-17086 20416-17084 19721-17086 20440-17084 19570-17086 17183-17086 20563-17084 Moderate 19252-17084 Moderate 20425-17084 Moderate 20424-17084 Moderate 17667-17084 Moderate 20542-17086 Moderate 20562-17084 Moderate 19799-17086 20439-17086 Moderate 20416-17084 19721-17086 Moderate 20440-17084 Moderate 19570-17086 Moderate 17183-17086 Moderate 20563-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 19252-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20425-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20424-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 17667-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20542-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20562-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 19799-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20439-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20416-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 19721-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20440-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 19570-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 17183-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U 20563-17084 CBL-Mariner Releases 19252-17084 20562-17084 No Security Update 8.11.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19252-17084 20562-17084 CBL-Mariner Releases CBL-Mariner Releases 20542-17086 19799-17086 No Security Update 8.8.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20542-17086 19799-17086 CBL-Mariner Releases CBL-Mariner Releases 20416-17084 20563-17084 No Security Update 3.30.3-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20416-17084 20563-17084 CBL-Mariner Releases 1.0 2025-09-11T01:01:33 <p>Information published.</p> 1.1 2026-02-18T01:18:21 <p>Information published.</p> Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-7039 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19898-17086 20272-17084 20365-17086 20466-17086 20554-17084 19898-17086 20272-17084 20365-17086 20466-17086 20554-17084 19898-17086 Low 20272-17084 20365-17086 Low 20466-17086 Low 20554-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 19898-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 20272-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 20365-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 20466-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 20554-17084 CBL-Mariner Releases 20272-17084 20554-17084 No Security Update 2.78.6-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20272-17084 20554-17084 CBL-Mariner Releases CBL-Mariner Releases 20365-17086 No Security Update 2.71.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20365-17086 CBL-Mariner Releases CBL-Mariner Releases 20466-17086 No Security Update 2.71.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20466-17086 CBL-Mariner Releases 1.0 2025-09-05T01:05:05 <p>Information published.</p> iommufd: Prevent ALIGN() overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38688 19683-17084 19683-17084 Important 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19683-17084 1.0 2025-09-06T01:01:17 <p>Information published.</p> 1.1 2026-02-18T14:11:44 <p>Information published.</p> sctp: linearize cloned gso packets in sctp_rcv <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38718 Use of Uninitialized Resource 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Important 17087-17086 19683-17084 Moderate 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:01:23 <p>Information published.</p> 2.0 2026-01-10T01:04:23 <p>Information published.</p> 3.0 2026-02-24T14:37:24 <p>Information published.</p> LoongArch: BPF: Fix jump offset calculation in tailcall <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38723 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:01:32 <p>Information published.</p> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38685 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:02:46 <p>Information published.</p> 1.0 2025-09-06T01:01:41 <p>Information published.</p> 3.0 2026-02-24T14:36:17 <p>Information published.</p> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38696 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:01:49 <p>Information published.</p> 2.0 2026-01-11T01:01:52 <p>Information published.</p> 3.0 2026-01-13T01:44:34 <p>Information published.</p> pNFS: Fix uninited ptr deref in block/scsi layout <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38691 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-01-13T01:44:24 <p>Information published.</p> 1.0 2025-09-06T01:02:01 <p>Information published.</p> 2.0 2026-01-11T01:01:37 <p>Information published.</p> 4.0 2026-02-24T14:37:39 <p>Information published.</p> ALSA: usb-audio: Validate UAC3 power domain descriptors, too <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38729 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:03:07 <p>Information published.</p> 3.0 2026-02-24T14:36:39 <p>Information published.</p> 1.0 2025-09-06T01:02:22 <p>Information published.</p> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38680 Out-of-bounds Read 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Important 17087-17086 19683-17084 Low 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19683-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:02:26 <p>Information published.</p> 3.0 2026-02-24T14:36:02 <p>Information published.</p> 1.0 2025-09-06T01:02:38 <p>Information published.</p> gfs2: Validate i_depth for exhash directories <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38710 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-06T01:03:00 <p>Information published.</p> 3.0 2025-12-03T01:37:29 <p>Information published.</p> 3.1 2026-02-18T14:14:54 <p>Information published.</p> 2.0 2025-11-27T01:01:42 <p>Information published.</p> loop: Avoid updating block size under exclusive owner <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38709 20412-17084 17087-17086 20925-17086 19683-17084 21093-17086 20412-17084 17087-17086 20925-17086 19683-17084 21093-17086 Moderate 20412-17084 Moderate 17087-17086 Moderate 20925-17086 19683-17084 Moderate 21093-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:03:29 <p>Information published.</p> 2.0 2025-12-05T01:02:51 <p>Information published.</p> 3.0 2026-03-03T15:00:43 <p>Information published.</p> 4.0 2026-03-31T15:12:35 <p>Information published.</p> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38681 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:03:45 <p>Information published.</p> 2.0 2026-01-10T01:02:31 <p>Information published.</p> 3.0 2026-01-13T01:43:09 <p>Information published.</p> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38695 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-11T01:01:47 <p>Information published.</p> 3.0 2026-01-13T01:44:29 <p>Information published.</p> 1.0 2025-09-06T01:04:14 <p>Information published.</p> 4.0 2026-02-24T14:37:53 <p>Information published.</p> jfs: Regular file corruption check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38698 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:04:52 <p>Information published.</p> drbd: add missing kref_get in handle_write_conflicts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38708 Use After Free 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 19683-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:05:12 <p>Information published.</p> hfs: fix slab-out-of-bounds in hfs_bnode_read() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38715 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-09-06T01:05:31 <p>Information published.</p> 1.1 2026-02-18T14:17:03 <p>Information published.</p> io_uring/net: commit partial buffers on retry <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38730 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:05:44 <p>Information published.</p> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38714 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Important 20412-17084 9.0 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H/E:U 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 9.0 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:04:18 <p>Information published.</p> 3.0 2026-01-13T01:44:09 <p>Information published.</p> 1.0 2025-09-06T01:05:58 <p>Information published.</p> jfs: upper bound check of tree index in dbAllocAG <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38697 19683-17084 19683-17084 Important 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 1.0 2025-09-06T01:06:21 <p>Information published.</p> 1.1 2026-02-18T14:18:07 <p>Information published.</p> net/sched: ets: use old 'nbands' while purging unused classes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38684 17087-17086 19683-17084 17087-17086 19683-17084 Moderate 17087-17086 Important 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 1.0 2025-09-06T01:06:52 <p>Information published.</p> 2.0 2026-01-10T01:02:41 <p>Information published.</p> 3.0 2026-01-13T01:43:16 <p>Information published.</p> 3.1 2026-02-18T14:18:42 <p>Information published.</p> hfs: fix general protection fault in hfs_find_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38716 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:07:12 <p>Information published.</p> 2.0 2025-11-27T01:01:47 <p>Information published.</p> 3.0 2025-12-03T01:37:33 <p>Information published.</p> scsi: bfa: Double-free fix <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38699 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-06T01:07:53 <p>Information published.</p> 2.0 2026-01-09T01:07:17 <p>Information published.</p> 3.0 2026-02-24T14:45:08 <p>Information published.</p> drm/amd/pm: fix null pointer access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38705 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 17087-17086 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 17087-17086 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 17087-17086 Moderate 20823-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 3.0 2025-12-07T01:49:24 <p>Information published.</p> 4.0 2026-01-08T14:45:17 <p>Information published.</p> 5.0 2026-01-20T14:39:42 <p>Information published.</p> 6.0 2026-02-18T01:53:40 <p>Information published.</p> 7.0 2026-03-03T14:49:38 <p>Information published.</p> 9.0 2026-03-31T14:50:03 <p>Information published.</p> 10.0 2026-04-29T14:40:16 <p>Information published.</p> 1.0 2025-09-06T01:08:14 <p>Information published.</p> 2.0 2025-11-26T01:01:44 <p>Information published.</p> 8.0 2026-03-04T14:36:38 <p>Information published.</p> 11.0 2026-05-06T14:52:49 <p>Information published.</p> 12.0 2026-05-11T01:51:09 <p>Information published.</p> 13.0 2026-05-17T14:52:21 <p>Information published.</p> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38724 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Moderate 20412-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:02:51 <p>Information published.</p> 1.0 2025-09-06T01:08:33 <p>Information published.</p> 3.0 2026-02-24T14:36:24 <p>Information published.</p> fbdev: fix potential buffer overflow in do_register_framebuffer() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38702 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:08:54 <p>Information published.</p> comedi: fix race between polling and detaching <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38687 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-13T01:44:19 <p>Information published.</p> 1.0 2025-09-06T01:09:14 <p>Information published.</p> 2.0 2026-01-11T01:01:32 <p>Information published.</p> media: venus: Fix OOB read due to missing payload bound check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38679 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 Important 20925-17086 Important 21093-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:09:41 <p>Information published.</p> 2.0 2026-01-10T01:02:21 <p>Information published.</p> 3.0 2026-03-03T14:51:53 <p>Information published.</p> 4.0 2026-03-31T15:07:32 <p>Information published.</p> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38712 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:10:07 <p>Information published.</p> netfilter: ctnetlink: fix refcount leak on table dump <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38721 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:10:33 <p>Information published.</p> 2.0 2026-01-10T01:04:28 <p>Information published.</p> 3.0 2026-02-24T14:37:31 <p>Information published.</p> smb/server: avoid deadlock when linking with ReplaceIfExists <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38711 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:10:53 <p>Information published.</p> 2.0 2026-01-10T01:04:13 <p>Information published.</p> 3.0 2026-01-13T01:44:03 <p>Information published.</p> drm/xe: Make dma-fences compliant with the safe access rules <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38703 Use After Free 19683-17084 19683-17084 Important 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 1.0 2025-09-06T01:11:40 <p>Information published.</p> 1.1 2026-02-18T02:01:49 <p>Information published.</p> habanalabs: fix UAF in export_dmabuf() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38722 20613-17084 20725-17084 20823-17084 21094-17084 19683-17084 20412-17084 20553-17084 20788-17084 20860-17084 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 20613-17084 20725-17084 20823-17084 21094-17084 19683-17084 20412-17084 20553-17084 20788-17084 20860-17084 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 21094-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-06T01:11:57 <p>Information published.</p> 2.0 2025-12-07T01:49:31 <p>Information published.</p> 5.0 2026-02-18T02:02:47 <p>Information published.</p> 6.0 2026-03-04T14:36:46 <p>Information published.</p> 7.0 2026-03-31T14:50:28 <p>Information published.</p> 8.0 2026-04-29T14:40:29 <p>Information published.</p> 3.0 2026-01-08T14:45:26 <p>Information published.</p> 4.0 2026-01-20T14:39:52 <p>Information published.</p> 9.0 2026-05-06T14:52:56 <p>Information published.</p> 10.0 2026-05-11T01:51:18 <p>Information published.</p> 11.0 2026-05-17T14:52:31 <p>Information published.</p> exfat: add cluster chain loop check for dir <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38692 19683-17084 17087-17086 19683-17084 17087-17086 Important 19683-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2025-12-03T01:37:24 <p>Information published.</p> 3.1 2026-02-18T02:03:54 <p>Information published.</p> 1.0 2025-09-06T01:12:22 <p>Information published.</p> 2.0 2025-11-26T01:01:34 <p>Information published.</p> net: kcm: Fix race condition in kcm_unattach() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38717 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20412-17084 20553-17084 17087-17086 20823-17084 20860-17084 21308-17084 21344-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20412-17084 20553-17084 17087-17086 20823-17084 20860-17084 21308-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21332-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20823-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-11-27T01:01:53 <p>Information published.</p> 3.0 2025-12-07T01:49:40 <p>Information published.</p> 5.0 2026-01-20T14:40:03 <p>Information published.</p> 6.0 2026-02-18T02:05:16 <p>Information published.</p> 7.0 2026-03-03T14:51:24 <p>Information published.</p> 8.0 2026-03-04T14:36:54 <p>Information published.</p> 9.0 2026-03-31T14:51:04 <p>Information published.</p> 10.0 2026-04-29T14:40:41 <p>Information published.</p> 12.0 2026-05-11T01:51:27 <p>Information published.</p> 1.0 2025-09-06T01:12:47 <p>Information published.</p> 4.0 2026-01-08T14:45:35 <p>Information published.</p> 11.0 2026-05-06T14:53:04 <p>Information published.</p> 13.0 2026-05-17T14:52:41 <p>Information published.</p> net: usb: asix_devices: add phy_mask for ax88772 mdio bus <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38725 NULL Pointer Dereference 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-10T01:02:56 <p>Information published.</p> 1.0 2025-09-06T01:13:01 <p>Information published.</p> 3.0 2026-02-24T14:36:32 <p>Information published.</p> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38704 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 20553-17084 17087-17086 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 20553-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21093-17086 Moderate 20553-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 17087-17086 1.0 2025-09-06T01:13:17 <p>Information published.</p> 5.0 2026-01-20T14:40:14 <p>Information published.</p> 7.0 2026-03-03T14:49:21 <p>Information published.</p> 10.0 2026-03-31T15:01:57 <p>Information published.</p> 2.0 2025-11-26T01:01:39 <p>Information published.</p> 3.0 2025-12-07T01:49:49 <p>Information published.</p> 4.0 2026-01-08T14:45:44 <p>Information published.</p> 6.0 2026-02-18T02:07:25 <p>Information published.</p> 8.0 2026-03-04T14:37:02 <p>Information published.</p> 9.0 2026-03-28T14:36:23 <p>Information published.</p> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38706 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-06T01:13:41 <p>Information published.</p> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38701 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-06T01:14:03 <p>Information published.</p> 2.0 2026-01-10T01:04:03 <p>Information published.</p> 3.0 2026-02-24T14:37:17 <p>Information published.</p> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38713 Out-of-bounds Read 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 19683-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 20412-17084 1.0 2025-09-06T01:14:32 <p>Information published.</p> 1.1 2026-02-18T02:09:36 <p>Information published.</p> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38700 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-01-13T01:44:39 <p>Information published.</p> 4.0 2026-02-24T14:38:00 <p>Information published.</p> 1.0 2025-09-06T01:14:54 <p>Information published.</p> 2.0 2026-01-11T01:01:57 <p>Information published.</p> net, hsr: reject HSR frame if skb can't hold tag <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39703 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-07T01:01:27 <p>Information published.</p> 3.0 2026-02-24T14:46:14 <p>Information published.</p> 2.0 2026-01-09T01:10:16 <p>Information published.</p> NFS: Fix a race when updating an existing write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39697 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:01:52 <p>Information published.</p> 3.0 2026-02-24T14:46:01 <p>Information published.</p> 2.0 2026-01-09T01:10:06 <p>Information published.</p> media: venus: protect against spurious interrupts during probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39709 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-13T01:41:51 <p>Information published.</p> 1.0 2025-09-07T01:02:25 <p>Information published.</p> 2.0 2026-01-09T01:10:25 <p>Information published.</p> s390/ism: fix concurrency management in ism_cmd() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39726 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2025-11-27T01:02:23 <p>Information published.</p> 3.0 2025-12-03T01:37:43 <p>Information published.</p> 1.0 2025-09-07T01:02:57 <p>Information published.</p> comedi: pcl726: Prevent invalid irq number <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39685 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:03:06 <p>Information published.</p> 2.0 2026-01-09T01:09:41 <p>Information published.</p> 3.0 2026-01-13T01:41:31 <p>Information published.</p> comedi: Make insn_rw_emulate_bits() do insn->n samples <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39686 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-13T01:41:37 <p>Information published.</p> 1.0 2025-09-07T01:03:14 <p>Information published.</p> 2.0 2026-01-09T01:09:46 <p>Information published.</p> ipv6: sr: Fix MAC comparison to be constant-time <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39702 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-07T01:03:29 <p>Information published.</p> 2.0 2026-01-09T01:10:11 <p>Information published.</p> 3.0 2026-02-24T14:46:07 <p>Information published.</p> media: venus: Add a check for packet size after reading from shared memory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39710 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:03:46 <p>Information published.</p> 2.0 2026-01-13T01:01:28 <p>Information published.</p> vsock/virtio: Validate length in packet header before skb_put() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39718 Out-of-bounds Write 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:03:56 <p>Information published.</p> gve: prevent ethtool ops after shutdown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38735 19683-17084 19683-17084 Important 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 1.0 2025-09-07T01:04:11 <p>Information published.</p> 1.1 2026-02-18T02:18:00 <p>Information published.</p> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39684 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:04:24 <p>Information published.</p> 2.0 2026-01-09T01:09:36 <p>Information published.</p> 3.0 2026-01-13T01:41:24 <p>Information published.</p> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39692 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:04:48 <p>Information published.</p> 3.0 2026-01-13T01:41:44 <p>Information published.</p> 2.0 2026-01-09T01:10:01 <p>Information published.</p> serial: 8250: fix panic due to PSLVERR <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39724 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-07T01:05:12 <p>Information published.</p> 2.0 2026-01-13T01:01:37 <p>Information published.</p> 3.0 2026-02-24T14:38:52 <p>Information published.</p> ftrace: Also allocate and copy hash for reading of filter files <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39689 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-07T01:05:43 <p>Information published.</p> 2.0 2026-01-09T01:09:51 <p>Information published.</p> 3.0 2026-02-24T14:45:48 <p>Information published.</p> ksmbd: fix refcount leak causing resource not released <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39720 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:06:21 <p>Information published.</p> 2.0 2025-11-27T01:02:18 <p>Information published.</p> 3.0 2025-12-03T01:37:38 <p>Information published.</p> media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39711 Use After Free 19683-17084 19683-17084 Important 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 1.0 2025-09-07T01:07:03 <p>Information published.</p> 1.1 2026-02-18T02:22:39 <p>Information published.</p> crypto: qat - flush misc workqueue during device shutdown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39721 19683-17084 19683-17084 Important 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 1.0 2025-09-07T01:07:41 <p>Information published.</p> 1.1 2026-02-18T02:23:23 <p>Information published.</p> iio: light: as73211: Ensure buffer holes are zeroed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39687 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:08:07 <p>Information published.</p> s390/sclp: Fix SCCB present check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39694 19683-17084 19683-17084 Important 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 1.0 2025-09-07T01:08:31 <p>Information published.</p> 1.1 2026-02-18T02:24:38 <p>Information published.</p> drm/amd/display: Avoid a NULL pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39693 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:08:47 <p>Information published.</p> 2.0 2026-01-09T01:07:51 <p>Information published.</p> 3.0 2026-02-24T14:45:28 <p>Information published.</p> drm/amd/display: fix a Null pointer dereference vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39705 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 20553-17084 17087-17086 20788-17084 20860-17084 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 20553-17084 17087-17086 20788-17084 20860-17084 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 20553-17084 Moderate 17087-17086 Moderate 20788-17084 Moderate 20860-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-07T01:09:03 <p>Information published.</p> 3.0 2025-12-07T01:49:57 <p>Information published.</p> 4.0 2026-01-08T14:45:52 <p>Information published.</p> 5.0 2026-01-20T14:40:25 <p>Information published.</p> 6.0 2026-02-18T02:26:30 <p>Information published.</p> 7.0 2026-03-03T14:52:17 <p>Information published.</p> 8.0 2026-03-04T14:37:12 <p>Information published.</p> 9.0 2026-03-31T14:51:39 <p>Information published.</p> 12.0 2026-05-11T01:51:36 <p>Information published.</p> 2.0 2025-11-27T01:02:08 <p>Information published.</p> 10.0 2026-04-29T14:40:55 <p>Information published.</p> 11.0 2026-05-06T14:53:09 <p>Information published.</p> 13.0 2026-05-17T14:52:50 <p>Information published.</p> net/sched: Fix backlog accounting in qdisc_dequeue_internal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39677 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20553-17084 20860-17084 21308-17084 21344-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20553-17084 20860-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21332-17084 19683-17084 Moderate 20553-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21344-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20788-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20956-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21248-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21332-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20860-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21308-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21344-17084 1.0 2025-09-07T01:09:12 <p>Information published.</p> 3.0 2025-12-07T01:50:08 <p>Information published.</p> 9.0 2026-03-31T14:52:15 <p>Information published.</p> 10.0 2026-04-29T14:41:07 <p>Information published.</p> 2.0 2025-11-27T01:02:03 <p>Information published.</p> 4.0 2026-01-08T14:46:00 <p>Information published.</p> 5.0 2026-01-20T14:40:34 <p>Information published.</p> 6.0 2026-02-18T02:27:30 <p>Information published.</p> 7.0 2026-03-03T14:51:57 <p>Information published.</p> 8.0 2026-03-04T14:37:22 <p>Information published.</p> 11.0 2026-05-06T14:53:15 <p>Information published.</p> 12.0 2026-05-11T01:51:44 <p>Information published.</p> 13.0 2026-05-17T14:52:59 <p>Information published.</p> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39706 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:09:21 <p>Information published.</p> 3.0 2026-03-03T14:51:36 <p>Information published.</p> 4.0 2026-03-31T15:07:15 <p>Information published.</p> 2.0 2026-01-09T01:10:21 <p>Information published.</p> drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39707 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 19683-17084 20553-17084 17087-17086 20788-17084 21308-17084 21332-17084 21344-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 19683-17084 20553-17084 17087-17086 20788-17084 21308-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 19683-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20788-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 3.0 2025-12-07T01:50:17 <p>Information published.</p> 4.0 2026-01-08T14:46:08 <p>Information published.</p> 5.0 2026-01-20T14:40:44 <p>Information published.</p> 7.0 2026-03-03T14:52:33 <p>Information published.</p> 8.0 2026-03-04T14:37:31 <p>Information published.</p> 9.0 2026-03-31T14:52:52 <p>Information published.</p> 10.0 2026-04-29T14:41:19 <p>Information published.</p> 1.0 2025-09-07T01:09:28 <p>Information published.</p> 2.0 2025-11-27T01:02:13 <p>Information published.</p> 6.0 2026-02-18T02:29:02 <p>Information published.</p> 11.0 2026-05-06T14:53:22 <p>Information published.</p> 12.0 2026-05-11T01:51:53 <p>Information published.</p> 13.0 2026-05-17T14:53:09 <p>Information published.</p> net/smc: fix UAF on smcsk after smc_listen_out() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38734 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:09:52 <p>Information published.</p> 2.0 2025-11-27T01:01:58 <p>Information published.</p> 3.0 2026-03-03T14:51:41 <p>Information published.</p> 4.0 2026-03-31T15:04:23 <p>Information published.</p> ACPI: pfr_update: Fix the driver update version check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39701 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:10:14 <p>Information published.</p> tls: fix handling of zero-length records on the rx_list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39682 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:10:35 <p>Information published.</p> parisc: Revise gateway LWS calls to probe user read access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39715 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:11:11 <p>Information published.</p> ppp: fix race conditions in ppp_fill_forward_path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39673 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:11:43 <p>Information published.</p> 2.0 2026-01-09T01:07:26 <p>Information published.</p> 3.0 2026-02-24T14:45:14 <p>Information published.</p> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39675 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:12:13 <p>Information published.</p> 3.0 2026-01-13T01:38:58 <p>Information published.</p> 2.0 2026-01-09T01:07:34 <p>Information published.</p> parisc: Revise __get_user() to probe user read access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39716 19683-17084 20925-17086 21093-17086 20412-17084 17087-17086 19683-17084 20925-17086 21093-17086 20412-17084 17087-17086 19683-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-09T01:08:07 <p>Information published.</p> 4.0 2026-03-31T15:06:50 <p>Information published.</p> 1.0 2025-09-07T01:12:43 <p>Information published.</p> 3.0 2026-03-03T14:51:15 <p>Information published.</p> netfilter: nf_reject: don't leak dst refcount for loopback packets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38732 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Important 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:13:06 <p>Information published.</p> 2.0 2026-01-11T01:02:02 <p>Information published.</p> 3.0 2026-01-13T01:44:43 <p>Information published.</p> 4.0 2026-02-24T14:38:08 <p>Information published.</p> fs/buffer: fix use-after-free when call bh_read() helper <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39691 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-09T01:09:56 <p>Information published.</p> 3.0 2026-02-24T14:45:54 <p>Information published.</p> 1.0 2025-09-07T01:13:19 <p>Information published.</p> iio: imu: bno055: fix OOB access of hw_xlate array <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39719 Out-of-bounds Read 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:13:30 <p>Information published.</p> media: usbtv: Lock resolution while streaming <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39714 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:13:39 <p>Information published.</p> 2.0 2026-01-13T01:01:32 <p>Information published.</p> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39713 Time-of-check Time-of-use (TOCTOU) Race Condition 19683-17084 17087-17086 19683-17084 17087-17086 Important 19683-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-07T01:13:46 <p>Information published.</p> 2.0 2026-01-09T01:08:00 <p>Information published.</p> 3.0 2026-01-13T01:39:06 <p>Information published.</p> 3.1 2026-02-18T01:08:06 <p>Information published.</p> drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39679 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:13:53 <p>Information published.</p> scsi: qla4xxx: Prevent a potential error pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39676 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-09T01:07:43 <p>Information published.</p> 1.0 2025-09-07T01:14:07 <p>Information published.</p> 3.0 2026-02-24T14:45:21 <p>Information published.</p> tracing: Limit access to parser->buffer when trace_get_user failed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39683 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Important 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:14:30 <p>Information published.</p> 2.0 2026-01-09T01:09:31 <p>Information published.</p> 3.0 2026-02-24T14:45:41 <p>Information published.</p> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38736 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-07T01:14:50 <p>Information published.</p> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39681 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-07T01:15:12 <p>Information published.</p> 3.0 2026-02-24T14:45:34 <p>Information published.</p> 2.0 2026-01-09T01:09:27 <p>Information published.</p> cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-57052 Out-of-bounds Read 19531-17084 19531-17084 Critical 19531-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19531-17084 1.0 2025-09-07T01:15:37 <p>Information published.</p> 1.1 2026-02-18T01:11:12 <p>Information published.</p> Podman: podman kube play command may overwrite host files <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-9566 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 17793-17084 17793-17084 Important 17793-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 17793-17084 1.0 2025-09-07T01:16:18 <p>Information published.</p> 1.1 2026-02-18T01:11:52 <p>Information published.</p> Libsoup: improper handling of http vary header in libsoup caching <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-9901 Use of Cache Containing Sensitive Information 20190-17084 20186-17086 20379-17086 20625-17084 20958-17084 21112-17084 21115-17086 20601-17086 20801-17084 20933-17086 21202-17084 20190-17084 20186-17086 20379-17086 20625-17084 20958-17084 21112-17084 21115-17086 20601-17086 20801-17084 20933-17086 21202-17084 Moderate 20190-17084 20186-17086 Moderate 20379-17086 Moderate 20625-17084 Moderate 20958-17084 Moderate 21112-17084 Moderate 21115-17086 Moderate 20601-17086 Moderate 20801-17084 Moderate 20933-17086 Moderate 21202-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20190-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20186-17086 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20379-17086 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20625-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20958-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 21112-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 21115-17086 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20601-17086 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20801-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 20933-17086 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P 21202-17084 2.0 2026-01-08T14:46:16 <p>Information published.</p> 3.0 2026-03-03T14:39:47 <p>Information published.</p> 1.0 2025-09-07T01:17:16 <p>Information published.</p> 4.0 2026-03-04T14:37:41 <p>Information published.</p> 5.0 2026-03-31T14:53:28 <p>Information published.</p> 6.0 2026-04-14T14:38:32 <p>Information published.</p> JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner CPANSec Yes CVE-2025-40928 20411-17086 20410-17084 20411-17086 20410-17084 Important 20411-17086 Important 20410-17084 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20411-17086 7.5 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20410-17084 CBL-Mariner Releases 20411-17086 20410-17084 No Security Update 4.04-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20411-17086 20410-17084 CBL-Mariner Releases 1.0 2025-09-11T01:01:27 <p>Information published.</p> 2.0 2025-11-18T01:36:21 <p>Information published.</p> Libssh: memory exhaustion via repeated key exchange in libssh <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-8277 20111-17086 19623-17084 20418-17084 20628-17084 19574-17086 20532-17086 20695-17086 20111-17086 19623-17084 20418-17084 20628-17084 19574-17086 20532-17086 20695-17086 20111-17086 19623-17084 Low 20418-17084 Low 20628-17084 19574-17086 Low 20532-17086 Low 20695-17086 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20111-17086 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 19623-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20418-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20628-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 19574-17086 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20532-17086 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 20695-17086 CBL-Mariner Releases 20418-17084 20628-17084 No Security Update 0.10.6-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20418-17084 20628-17084 CBL-Mariner Releases CBL-Mariner Releases 20532-17086 20695-17086 No Security Update 0.10.6-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20532-17086 20695-17086 CBL-Mariner Releases 1.0 2025-09-11T01:01:43 <p>Information published.</p> 2.0 2025-12-06T14:37:35 <p>Information published.</p> CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58063 19611-17084 20419-17084 20137-17086 19611-17084 20419-17084 20137-17086 19611-17084 Important 20419-17084 Important 20137-17086 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 19611-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20419-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20137-17086 CBL-Mariner Releases 20419-17084 No Security Update 1.11.4-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20419-17084 CBL-Mariner Releases CBL-Mariner Releases 20137-17086 No Security Update 1.11.1-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20137-17086 CBL-Mariner Releases 1.0 2025-09-11T01:01:49 <p>Information published.</p> cups has Authentication bypass with AuthType Negotiate <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58060 Improper Authentication 17722-17084 19950-17086 17722-17084 19950-17086 Important 17722-17084 Important 19950-17086 8.0 7.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P 17722-17084 8.0 7.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P 19950-17086 CBL-Mariner Releases 17722-17084 No Security Update 2.4.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17722-17084 CBL-Mariner Releases CBL-Mariner Releases 19950-17086 No Security Update 2.3.3op2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19950-17086 CBL-Mariner Releases 1.0 2025-09-12T01:08:34 <p>Information published.</p> Unverified File Handles can Cause Excessive Use of System Resources <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner EEF Yes CVE-2025-48038 Allocation of Resources Without Limits or Throttling 20325-17084 20323-17086 20541-17086 20325-17084 20323-17086 20541-17086 Moderate 20325-17084 Moderate 20323-17086 Moderate 20541-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20325-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20323-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20541-17086 CBL-Mariner Releases 20325-17084 No Security Update 26.2.5.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20325-17084 CBL-Mariner Releases CBL-Mariner Releases 20323-17086 No Security Update 25.3.2.21-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20323-17086 CBL-Mariner Releases CBL-Mariner Releases 20541-17086 No Security Update 25.3.2.21-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20541-17086 CBL-Mariner Releases 1.0 2025-09-12T01:08:45 <p>Information published.</p> SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner EEF Yes CVE-2025-48041 Allocation of Resources Without Limits or Throttling 20325-17084 20323-17086 20541-17086 20325-17084 20323-17086 20541-17086 Moderate 20325-17084 Moderate 20323-17086 Moderate 20541-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20325-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20323-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20541-17086 CBL-Mariner Releases 20325-17084 No Security Update 26.2.5.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20325-17084 CBL-Mariner Releases CBL-Mariner Releases 20323-17086 No Security Update 25.3.2.21-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20323-17086 CBL-Mariner Releases CBL-Mariner Releases 20541-17086 No Security Update 25.3.2.21-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20541-17086 CBL-Mariner Releases 1.0 2025-09-12T01:08:55 <p>Information published.</p> Unverified Paths can Cause Excessive Use of System Resources <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner EEF Yes CVE-2025-48039 Allocation of Resources Without Limits or Throttling 20325-17084 20323-17086 20541-17086 20325-17084 20323-17086 20541-17086 Moderate 20325-17084 Moderate 20323-17086 Moderate 20541-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20325-17084 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20323-17086 4.3 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20541-17086 CBL-Mariner Releases 20325-17084 No Security Update 26.2.5.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20325-17084 CBL-Mariner Releases CBL-Mariner Releases 20323-17086 20541-17086 No Security Update 25.3.2.21-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20323-17086 20541-17086 CBL-Mariner Releases 1.0 2025-09-12T01:09:04 <p>Information published.</p> cups: Remote DoS via null dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58364 Improper Input Validation 20436-17086 17722-17084 19950-17086 20436-17086 17722-17084 19950-17086 20436-17086 Moderate 17722-17084 Moderate 19950-17086 6.5 6.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 20436-17086 6.5 6.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 17722-17084 6.5 6.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19950-17086 CBL-Mariner Releases 17722-17084 No Security Update 2.4.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17722-17084 CBL-Mariner Releases CBL-Mariner Releases 19950-17086 No Security Update 2.3.3op2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19950-17086 CBL-Mariner Releases 1.0 2025-09-12T01:09:13 <p>Information published.</p> libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-59375 Allocation of Resources Without Limits or Throttling 20543-17086 20572-17084 17470-17084 20047-17086 20210-17086 20416-17084 19533-17086 19968-17084 20543-17086 20572-17084 17470-17084 20047-17086 20210-17086 20416-17084 19533-17086 19968-17084 Moderate 20543-17086 Moderate 20572-17084 Moderate 17470-17084 Moderate 20047-17086 Moderate 20210-17086 Moderate 20416-17084 Moderate 19533-17086 Moderate 19968-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20543-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20572-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 17470-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20047-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20210-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20416-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19533-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19968-17084 CBL-Mariner Releases 20543-17086 20572-17084 17470-17084 20210-17086 No Security Update 2.6.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20543-17086 20572-17084 17470-17084 20210-17086 CBL-Mariner Releases 1.0 2025-09-16T01:01:15 <p>Information published.</p> NFS: Fix the setting of capabilities when automounting a new filesystem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39798 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-01-20T14:46:41 <p>Information published.</p> 1.0 2025-09-16T01:01:21 <p>Information published.</p> 2.0 2026-01-18T01:02:48 <p>Information published.</p> 4.0 2026-02-24T14:40:09 <p>Information published.</p> xfrm: Duplicate SPI Handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39797 20925-17086 20412-17084 17087-17086 21093-17086 20925-17086 20412-17084 17087-17086 21093-17086 Moderate 20925-17086 Moderate 20412-17084 Moderate 17087-17086 Moderate 21093-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20925-17086 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20412-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 17087-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2025-11-26T01:01:49 <p>Information published.</p> 3.0 2026-03-03T14:49:55 <p>Information published.</p> 4.0 2026-03-31T15:02:23 <p>Information published.</p> 1.0 2025-09-16T01:01:26 <p>Information published.</p> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39795 20412-17084 17087-17086 20412-17084 17087-17086 Low 20412-17084 Moderate 17087-17086 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-16T01:01:32 <p>Information published.</p> 3.0 2026-01-19T14:37:42 <p>Information published.</p> 4.0 2026-02-24T14:40:02 <p>Information published.</p> 2.0 2026-01-18T01:02:43 <p>Information published.</p> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39800 20412-17084 17087-17086 20412-17084 17087-17086 20412-17084 Moderate 17087-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-01-20T14:46:52 <p>Information published.</p> 1.0 2025-09-16T01:01:39 <p>Information published.</p> 2.0 2026-01-18T01:01:17 <p>Information published.</p> usb: dwc3: Remove WARN_ON for device endpoint command timeouts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39801 20412-17084 20412-17084 Moderate 20412-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-16T01:01:45 <p>Information published.</p> ACPI: processor: perflib: Move problematic pr->performance check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39799 20412-17084 20412-17084 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 1.0 2025-09-16T01:01:50 <p>Information published.</p> ARM: tegra: Use I/O memcpy to write to IRAM <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39794 20412-17084 20412-17084 Moderate 20412-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-16T01:01:56 <p>Information published.</p> Axios is vulnerable to DoS attack through lack of data size check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58754 Allocation of Resources Without Limits or Throttling 19693-17084 19693-17084 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 1.1 2026-02-18T01:57:35 <p>Information published.</p> 1.0 2025-09-16T01:02:01 <p>Information published.</p> bnxt_en: Fix memory corruption when FW resources change during ifdown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39810 Out-of-bounds Write 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 20553-17084 17087-17086 20788-17084 20925-17086 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 20553-17084 17087-17086 20788-17084 20925-17086 21308-17084 21344-17084 Important 20412-17084 Important 20613-17084 Important 20725-17084 Important 20823-17084 Important 20860-17084 Important 20956-17084 Important 21094-17084 Important 21093-17086 Important 21248-17084 Important 21332-17084 Important 20553-17084 Important 17087-17086 Important 20788-17084 Important 20925-17086 Important 21308-17084 Important 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 2.0 2025-12-04T01:01:40 <p>Information published.</p> 3.0 2025-12-07T01:51:36 <p>Information published.</p> 4.0 2026-01-08T14:47:40 <p>Information published.</p> 5.0 2026-01-20T14:42:27 <p>Information published.</p> 6.0 2026-02-18T02:40:04 <p>Information published.</p> 7.0 2026-03-03T14:58:23 <p>Information published.</p> 9.0 2026-03-31T14:58:45 <p>Information published.</p> 10.0 2026-04-29T14:43:09 <p>Information published.</p> 11.0 2026-05-06T14:38:18 <p>Information published.</p> 12.0 2026-05-11T01:38:35 <p>Information published.</p> 1.0 2025-09-20T01:01:29 <p>Information published.</p> 8.0 2026-03-04T14:38:57 <p>Information published.</p> 13.0 2026-05-17T14:39:13 <p>Information published.</p> net: rose: convert 'use' field to refcount_t <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39826 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-01-19T14:38:12 <p>Information published.</p> 4.0 2026-01-21T01:42:37 <p>Information published.</p> 1.0 2025-09-20T01:01:34 <p>Information published.</p> 2.0 2026-01-18T01:03:38 <p>Information published.</p> mm: /proc/pid/smaps_rollup: fix no vma's null-deref <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-50380 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-09-20T01:02:40 <p>Information published.</p> Arbitary Code execution in Keras load_model() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-9905 Improper Control of Dynamically-Managed Code Resources 20434-17084 20434-17084 Important 20434-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20434-17084 CBL-Mariner Releases 20434-17084 No Security Update 3.3.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20434-17084 CBL-Mariner Releases 1.0 2025-09-20T01:03:44 <p>Information published.</p> Arbitrary Code execution in Keras Safe Mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-9906 Deserialization of Untrusted Data 20434-17084 20434-17084 Important 20434-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20434-17084 CBL-Mariner Releases 20434-17084 No Security Update 3.3.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20434-17084 CBL-Mariner Releases 1.0 2025-09-20T01:03:50 <p>Information published.</p> xfs: do not propagate ENODATA disk errors into xattr code <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39835 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 4.0 2026-02-24T14:41:08 <p>Information published.</p> 1.0 2025-09-20T01:07:54 <p>Information published.</p> 2.0 2026-01-18T01:03:53 <p>Information published.</p> 3.0 2026-01-19T14:38:27 <p>Information published.</p> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39817 20412-17084 17087-17086 20412-17084 17087-17086 Important 20412-17084 Important 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-20T01:08:26 <p>Information published.</p> 4.0 2026-02-24T14:40:45 <p>Information published.</p> 2.0 2026-01-18T01:03:13 <p>Information published.</p> 3.0 2026-01-19T14:37:57 <p>Information published.</p> net/mlx5: Fix lockdep assertion on sync reset unload event <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39832 20412-17084 20412-17084 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-20T01:08:42 <p>Information published.</p> mm: slub: avoid wake up kswapd in set_track_prepare <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39843 20412-17084 20412-17084 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-09-21T01:01:24 <p>Information published.</p> wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39849 20553-17084 20412-17084 20553-17084 20412-17084 Moderate 20553-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:01:29 <p>Information published.</p> x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39845 Missing Release of Memory after Effective Lifetime 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-21T01:03:49 <p>Information published.</p> 3.0 2026-02-24T14:42:16 <p>Information published.</p> 1.0 2025-09-21T01:01:39 <p>Information published.</p> net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39857 20553-17084 20412-17084 20553-17084 20412-17084 Moderate 20553-17084 Moderate 20412-17084 5.8 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20553-17084 5.8 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:01:49 <p>Information published.</p> vxlan: Fix NPD when refreshing an FDB entry with a nexthop object <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39851 20725-17084 17087-17086 20860-17084 20925-17086 21094-17084 21093-17086 20412-17084 20553-17084 20613-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 20725-17084 17087-17086 20860-17084 20925-17086 21094-17084 21093-17086 20412-17084 20553-17084 20613-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 Important 20725-17084 Moderate 17087-17086 Important 20860-17084 Moderate 20925-17086 Important 21094-17084 Moderate 21093-17086 Important 20412-17084 Important 20553-17084 Important 20613-17084 Important 20788-17084 Important 20823-17084 Important 20956-17084 Important 21248-17084 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 2.0 2025-12-07T01:51:42 <p>Information published.</p> 4.0 2025-12-16T01:38:13 <p>Information published.</p> 6.0 2026-01-20T14:42:38 <p>Information published.</p> 8.0 2026-03-03T14:41:10 <p>Information published.</p> 10.0 2026-03-31T15:03:54 <p>Information published.</p> 11.0 2026-04-29T14:43:22 <p>Information published.</p> 12.0 2026-05-06T14:38:27 <p>Information published.</p> 13.0 2026-05-11T01:38:44 <p>Information published.</p> 1.0 2025-09-21T01:01:55 <p>Information published.</p> 3.0 2025-12-14T14:02:20 <p>Information published.</p> 5.0 2026-01-08T14:47:49 <p>Information published.</p> 7.0 2026-02-18T02:47:29 <p>Information published.</p> 9.0 2026-03-04T14:39:05 <p>Information published.</p> 14.0 2026-05-17T14:39:24 <p>Information published.</p> wifi: mt76: mt7915: fix list corruption after hardware restart <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39862 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20412-17084 20553-17084 20788-17084 21308-17084 21332-17084 21344-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20412-17084 20553-17084 20788-17084 21308-17084 21332-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20613-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20725-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20823-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20860-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20956-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 21094-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 21248-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20412-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20553-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 20788-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 21308-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 21332-17084 5.3 4.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U 21344-17084 2.0 2025-12-07T01:51:48 <p>Information published.</p> 5.0 2026-02-18T02:48:26 <p>Information published.</p> 7.0 2026-03-31T15:04:19 <p>Information published.</p> 8.0 2026-04-29T14:43:36 <p>Information published.</p> 10.0 2026-05-11T01:38:52 <p>Information published.</p> 1.0 2025-09-21T01:02:05 <p>Information published.</p> 3.0 2026-01-08T14:47:57 <p>Information published.</p> 4.0 2026-01-20T14:42:49 <p>Information published.</p> 6.0 2026-03-04T14:39:12 <p>Information published.</p> 9.0 2026-05-06T14:38:36 <p>Information published.</p> 11.0 2026-05-17T14:39:34 <p>Information published.</p> tee: fix NULL pointer dereference in tee_shm_put <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39865 20412-17084 20412-17084 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 1.0 2025-09-21T01:02:21 <p>Information published.</p> mm: move page table sync declarations to linux/pgtable.h <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39844 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2026-01-21T01:03:40 <p>Information published.</p> 3.0 2026-02-24T14:42:08 <p>Information published.</p> 1.0 2025-09-21T01:02:31 <p>Information published.</p> Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39860 Use After Free 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:02:36 <p>Information published.</p> ax25: properly unshare skbs in ax25_kiss_rcv() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39848 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 20412-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 2.0 2026-01-21T01:04:15 <p>Information published.</p> 1.0 2025-09-21T01:03:25 <p>Information published.</p> 3.0 2026-02-18T14:28:34 <p>Information published.</p> cifs: prevent NULL pointer dereference in UTF16 conversion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39838 NULL Pointer Dereference 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-21T01:03:35 <p>Information published.</p> WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58749 Untrusted Pointer Dereference 20526-17086 20420-17084 20380-17086 20573-17084 20526-17086 20420-17084 20380-17086 20573-17084 Low 20526-17086 Low 20420-17084 Low 20380-17086 Low 20573-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20526-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20420-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20380-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20573-17084 CBL-Mariner Releases 20526-17086 20380-17086 No Security Update 3.0.6-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20526-17086 20380-17086 CBL-Mariner Releases CBL-Mariner Releases 20420-17084 20573-17084 No Security Update 3.1.9-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20420-17084 20573-17084 CBL-Mariner Releases 1.0 2025-09-21T01:03:55 <p>Information published.</p> axboe fio options.c str_buffer_pattern_cb null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-10823 NULL Pointer Dereference 20447-17084 20448-17086 20544-17086 20574-17084 20447-17084 20448-17086 20544-17086 20574-17084 Moderate 20447-17084 Moderate 20448-17086 Moderate 20544-17086 Moderate 20574-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20447-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20448-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20544-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20574-17084 CBL-Mariner Releases 20447-17084 20574-17084 No Security Update 3.37-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20447-17084 20574-17084 CBL-Mariner Releases CBL-Mariner Releases 20448-17086 20544-17086 No Security Update 3.30-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20448-17086 20544-17086 CBL-Mariner Releases 1.0 2025-09-24T01:01:30 <p>Information published.</p> axboe fio init.c __parse_jobs_ini use after free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-10824 Use After Free 20447-17084 20448-17086 20447-17084 20448-17086 Moderate 20447-17084 Moderate 20448-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 20447-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 20448-17086 1.0 2025-09-24T01:01:39 <p>Information published.</p> ocfs2: fix recursive semaphore deadlock in fiemap call <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39885 Improper Locking 20412-17084 17087-17086 20412-17084 17087-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-24T01:01:44 <p>Information published.</p> 4.0 2026-02-18T14:31:25 <p>Information published.</p> 2.0 2026-01-18T01:04:03 <p>Information published.</p> 3.0 2026-01-19T14:38:37 <p>Information published.</p> kernfs: Fix UAF in polling when open file is released <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39881 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-24T01:01:49 <p>Information published.</p> mm/damon/sysfs: fix use-after-free in state_show() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39877 20412-17084 20412-17084 Moderate 20412-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 1.0 2025-09-24T01:01:55 <p>Information published.</p> bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39886 20412-17084 20553-17084 20925-17086 21093-17086 17087-17086 20412-17084 20553-17084 20925-17086 21093-17086 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-24T01:02:00 <p>Information published.</p> 3.0 2025-12-16T01:38:23 <p>Information published.</p> 4.0 2026-03-03T14:41:46 <p>Information published.</p> 5.0 2026-03-31T14:46:38 <p>Information published.</p> 2.0 2025-12-14T14:02:35 <p>Information published.</p> netfilter: nft_set_pipapo: fix null deref for empty set <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39867 20412-17084 20412-17084 Moderate 20412-17084 4.7 4.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 1.0 2025-09-24T01:02:05 <p>Information published.</p> can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39873 20412-17084 20553-17084 20412-17084 20553-17084 Important 20412-17084 Important 20553-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-24T01:02:10 <p>Information published.</p> dmaengine: ti: edma: Fix memory allocation size for queue_priority_map <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39869 20412-17084 20412-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 1.0 2025-09-24T01:02:15 <p>Information published.</p> mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39883 20412-17084 20553-17084 17087-17086 20412-17084 20553-17084 17087-17086 Low 20412-17084 Low 20553-17084 Important 17087-17086 4.1 3.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 4.1 3.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-24T01:02:21 <p>Information published.</p> 3.0 2026-01-19T14:38:32 <p>Information published.</p> 4.0 2026-02-24T14:41:16 <p>Information published.</p> 2.0 2026-01-18T01:03:58 <p>Information published.</p> net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39876 NULL Pointer Dereference 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-24T01:02:26 <p>Information published.</p> libceph: fix invalid accesses to ceph_connection_v1_info <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39880 20412-17084 20553-17084 20412-17084 20553-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-24T01:02:31 <p>Information published.</p> Libtiff: libtiff write-what-where <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-9900 Write-what-where Condition 20397-17086 20415-17084 20397-17086 20415-17084 Important 20397-17086 Important 20415-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20397-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20415-17084 CBL-Mariner Releases 20397-17086 20415-17084 No Security Update 4.6.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20397-17086 20415-17084 CBL-Mariner Releases 1.0 2025-09-27T01:03:04 <p>Information published.</p> astral-tokio-tar has a path traversal in tar extraction <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-59825 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20824-17084 20421-17084 20824-17084 20421-17084 Moderate 20824-17084 Moderate 20421-17084 2.0 2026-01-20T14:43:21 <p>Information published.</p> 1.0 2025-09-27T01:03:20 <p>Information published.</p> Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()" <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-60018 Out-of-bounds Read 20465-17084 20464-17086 20465-17084 20464-17086 Moderate 20465-17084 Moderate 20464-17086 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L 20465-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L 20464-17086 1.0 2025-09-29T01:01:31 <p>Information published.</p> Libsoup: out-of-bounds read in cookie date handling of libsoup http library <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-11021 Out-of-bounds Read 20379-17086 20190-17084 20601-17086 20379-17086 20190-17084 20601-17086 Important 20379-17086 Important 20190-17084 Important 20601-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20379-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20190-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20601-17086 CBL-Mariner Releases 20379-17086 20601-17086 No Security Update 3.0.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20379-17086 20601-17086 CBL-Mariner Releases CBL-Mariner Releases 20190-17084 No Security Update 3.4.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20190-17084 CBL-Mariner Releases 1.0 2025-09-29T01:01:39 <p>Information published.</p> Libxslt: use-after-free with key data stored cross-rvt <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-10911 Expired Pointer Dereference 20191-17086 20726-17084 20783-17086 17469-17084 20693-17086 20191-17086 20726-17084 20783-17086 17469-17084 20693-17086 Moderate 20191-17086 Moderate 20726-17084 Moderate 20783-17086 Moderate 17469-17084 Moderate 20693-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20191-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20726-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20783-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20693-17086 2.0 2025-12-06T14:37:45 <p>Information published.</p> 3.0 2025-12-07T01:36:04 <p>Information published.</p> 4.0 2026-01-03T01:37:47 <p>Information published.</p> 1.0 2025-09-29T01:01:46 <p>Information published.</p> In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-46152 Out-of-bounds Write 19949-17086 19407-17084 20729-17084 19949-17086 19407-17084 20729-17084 Moderate 19949-17086 Moderate 19407-17084 Moderate 20729-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19407-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20729-17084 CBL-Mariner Releases 19407-17084 No Security Update 2.2.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19407-17084 CBL-Mariner Releases CBL-Mariner Releases 20729-17084 No Security Update 2.2.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20729-17084 CBL-Mariner Releases 2.0 2025-11-18T01:36:32 <p>Information published.</p> 3.0 2025-12-07T01:36:18 <p>Information published.</p> 1.0 2025-09-29T01:01:54 <p>Information published.</p> A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55553 Uncaught Exception 19949-17086 19407-17084 19949-17086 19407-17084 Important 19949-17086 Important 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19949-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19407-17084 1.0 2025-10-01T17:11:29 <p>Information published.</p> GNU Binutils objdump.c dump_dwarf_section out-of-bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11081 Out-of-bounds Read 20376-17086 19634-17084 20376-17086 19634-17084 Moderate 20376-17086 Moderate 19634-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20376-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19634-17084 1.0 2025-10-02T01:04:20 <p>Information published.</p> GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11082 Heap-based Buffer Overflow 20100-17086 19634-17084 20414-17084 20524-17086 20568-17084 20599-17086 20598-17086 20376-17086 20203-17086 18844-17084 20525-17086 20569-17084 20100-17086 19634-17084 20414-17084 20524-17086 20568-17084 20599-17086 20598-17086 20376-17086 20203-17086 18844-17084 20525-17086 20569-17084 Moderate 20100-17086 Moderate 19634-17084 Moderate 20414-17084 Moderate 20524-17086 Moderate 20568-17084 Moderate 20599-17086 Moderate 20598-17086 Moderate 20376-17086 Moderate 20203-17086 Moderate 18844-17084 Moderate 20525-17086 Moderate 20569-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20100-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 19634-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20414-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20524-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20568-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20599-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20598-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20376-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20203-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 18844-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20525-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20569-17084 CBL-Mariner Releases 20100-17086 No Security Update 8.0.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20100-17086 CBL-Mariner Releases CBL-Mariner Releases 19634-17084 20568-17084 No Security Update 2.41-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19634-17084 20568-17084 CBL-Mariner Releases CBL-Mariner Releases 20414-17084 20569-17084 No Security Update 13.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20414-17084 20569-17084 CBL-Mariner Releases CBL-Mariner Releases 20524-17086 No Security Update 11.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20524-17086 CBL-Mariner Releases CBL-Mariner Releases 20599-17086 20525-17086 No Security Update 2.37-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20599-17086 20525-17086 CBL-Mariner Releases CBL-Mariner Releases 20598-17086 No Security Update 11.2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20598-17086 CBL-Mariner Releases CBL-Mariner Releases 18844-17084 No Security Update 8.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18844-17084 CBL-Mariner Releases 1.0 2025-10-02T01:04:39 <p>Information published.</p> GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-11083 Heap-based Buffer Overflow 19634-17084 20600-17086 21253-17084 21201-17084 20376-17086 20203-17086 20525-17086 20524-17086 20568-17084 20599-17086 20598-17086 19634-17084 20600-17086 21253-17084 21201-17084 20376-17086 20203-17086 20525-17086 20524-17086 20568-17084 20599-17086 20598-17086 Moderate 19634-17084 Low 20600-17086 Low 21253-17084 Low 21201-17084 Moderate 20376-17086 Moderate 20203-17086 Moderate 20525-17086 Moderate 20524-17086 Moderate 20568-17084 Moderate 20599-17086 Moderate 20598-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 19634-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20600-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 21253-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 21201-17084 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20376-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20203-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20525-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20524-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20568-17084 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20599-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P 20598-17086 CBL-Mariner Releases 19634-17084 20568-17084 No Security Update 2.41-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19634-17084 20568-17084 CBL-Mariner Releases CBL-Mariner Releases 20525-17086 20599-17086 No Security Update 2.37-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20525-17086 20599-17086 CBL-Mariner Releases CBL-Mariner Releases 20524-17086 No Security Update 11.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20524-17086 CBL-Mariner Releases CBL-Mariner Releases 20598-17086 No Security Update 11.2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20598-17086 CBL-Mariner Releases 2.0 2026-05-03T01:02:26 <p>Information published.</p> 1.0 2025-10-02T01:04:49 <p>Information published.</p> 3.0 2026-05-05T01:41:55 <p>Information published.</p> PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-46153 Inefficient CPU Computation 19407-17084 19949-17086 19407-17084 19949-17086 Moderate 19407-17084 Moderate 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19407-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19949-17086 1.0 2025-10-02T01:04:57 <p>Information published.</p> In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-46149 Reachable Assertion 19949-17086 19407-17084 19949-17086 19407-17084 Moderate 19949-17086 Moderate 19407-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19407-17084 1.0 2025-10-02T01:05:06 <p>Information published.</p> A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55557 Uncaught Exception 19949-17086 19407-17084 19949-17086 19407-17084 Important 19949-17086 Important 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19949-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19407-17084 1.0 2025-10-02T01:05:13 <p>Information published.</p> In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-46150 19407-17084 19949-17086 19407-17084 19949-17086 Moderate 19407-17084 Moderate 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19407-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19949-17086 1.0 2025-10-02T01:05:21 <p>Information published.</p> An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55560 Uncontrolled Resource Consumption 19407-17084 20694-17086 20729-17084 19949-17086 19407-17084 20694-17086 20729-17084 19949-17086 Moderate 19407-17084 Moderate 20694-17086 Moderate 20729-17084 Moderate 19949-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19407-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20694-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20729-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19949-17086 CBL-Mariner Releases 19407-17084 No Security Update 2.2.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19407-17084 CBL-Mariner Releases CBL-Mariner Releases 20694-17086 No Security Update 2.0.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20694-17086 CBL-Mariner Releases CBL-Mariner Releases 20729-17084 No Security Update 2.2.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20729-17084 CBL-Mariner Releases CBL-Mariner Releases 19949-17086 No Security Update 2.0.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19949-17086 CBL-Mariner Releases 1.0 2025-10-02T01:05:29 <p>Information published.</p> 2.0 2025-11-18T01:36:41 <p>Information published.</p> 5.0 2025-12-07T01:36:29 <p>Information published.</p> 3.0 2025-11-20T01:35:52 <p>Information published.</p> 4.0 2025-12-06T14:37:51 <p>Information published.</p> A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55558 Uncontrolled Resource Consumption 19949-17086 19407-17084 19949-17086 19407-17084 Moderate 19949-17086 Moderate 19407-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19949-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19407-17084 1.0 2025-10-02T01:05:39 <p>Information published.</p> 2.0 2025-11-25T01:38:02 <p>Information published.</p> Out-of-bounds read in HTTP client no_proxy handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2025-9232 Out-of-bounds Read 20467-17084 20615-17084 20744-17084 20822-17084 20435-17084 20577-17084 20559-17084 19805-17086 20864-17084 20865-17084 20467-17084 20615-17084 20744-17084 20822-17084 20435-17084 20577-17084 20559-17084 19805-17086 20864-17084 20865-17084 Moderate 20467-17084 Moderate 20615-17084 Moderate 20744-17084 Moderate 20822-17084 Moderate 20435-17084 Moderate 20577-17084 Moderate 20559-17084 Moderate 19805-17086 Moderate 20864-17084 Moderate 20865-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20467-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20615-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20744-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20822-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20435-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20577-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20559-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19805-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20864-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20865-17084 CBL-Mariner Releases 20467-17084 No Security Update 3.3.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20467-17084 CBL-Mariner Releases 1.0 2025-10-02T01:05:50 <p>Information published.</p> 2.0 2026-01-21T01:06:20 <p>Information published.</p> 3.0 2026-02-21T03:31:04 <p>Information published.</p> Out-of-bounds read & write in RFC 3211 KEK Unwrap <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2025-9230 Out-of-bounds Read 20467-17084 20435-17084 20128-17084 19805-17086 20744-17084 20822-17084 20864-17084 19813-17086 20413-17084 20865-17084 20467-17084 20435-17084 20128-17084 19805-17086 20744-17084 20822-17084 20864-17084 19813-17086 20413-17084 20865-17084 Important 20467-17084 Important 20435-17084 Important 20128-17084 Important 19805-17086 Important 20744-17084 Important 20822-17084 Important 20864-17084 Important 19813-17086 Important 20413-17084 Important 20865-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20467-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20435-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20128-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19805-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20744-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20822-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20864-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19813-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20413-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20865-17084 CBL-Mariner Releases 20467-17084 No Security Update 3.3.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20467-17084 CBL-Mariner Releases CBL-Mariner Releases 20128-17084 No Security Update 20240524git3e722403cd16-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20128-17084 CBL-Mariner Releases 1.0 2025-10-02T01:05:57 <p>Information published.</p> 3.0 2026-01-21T01:06:47 <p>Information published.</p> 2.0 2025-11-25T01:38:07 <p>Information published.</p> 4.0 2026-02-21T03:34:48 <p>Information published.</p> Denial of Service in CivetWeb <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner CERT-PL Yes CVE-2025-9648 Improper Neutralization of Null Byte or NUL Character 19531-17084 19540-17086 19531-17084 19540-17086 Important 19531-17084 Important 19540-17086 CBL-Mariner Releases 19531-17084 No Security Update 18.2.2-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19531-17084 CBL-Mariner Releases CBL-Mariner Releases 19540-17086 No Security Update 16.2.10-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19540-17086 CBL-Mariner Releases 1.0 2025-10-03T01:01:47 <p>Information published.</p> pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-55554 Integer Overflow or Wraparound 19949-17086 20729-17084 20874-17086 20938-17086 20972-17084 21103-17086 19407-17084 20694-17086 20799-17084 20906-17084 21262-17084 19949-17086 20729-17084 20874-17086 20938-17086 20972-17084 21103-17086 19407-17084 20694-17086 20799-17084 20906-17084 21262-17084 Moderate 19949-17086 Moderate 20729-17084 Moderate 20874-17086 Moderate 20938-17086 Moderate 20972-17084 Moderate 21103-17086 Moderate 19407-17084 Moderate 20694-17086 Moderate 20799-17084 Moderate 20906-17084 Moderate 21262-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19949-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20729-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20874-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20938-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20972-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21103-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19407-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20694-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20799-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20906-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 21262-17084 1.0 2025-10-05T01:01:42 <p>Information published.</p> 2.0 2025-12-06T14:38:07 <p>Information published.</p> 6.0 2026-03-03T14:57:28 <p>Information published.</p> 7.0 2026-03-04T14:40:03 <p>Information published.</p> 8.0 2026-03-31T15:18:27 <p>Information published.</p> 9.0 2026-04-29T14:45:10 <p>Information published.</p> 3.0 2025-12-07T01:37:47 <p>Information published.</p> 4.0 2026-01-08T14:48:56 <p>Information published.</p> 5.0 2026-02-19T01:37:43 <p>Information published.</p> iommu/mediatek: Fix crash on isr after kexec() Mariner Linux Yes CVE-2022-50236 Use of Uninitialized Resource 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2025-12-03T01:37:19 <p>Information published.</p> 1.0 2025-11-26T01:01:24 <p>Information published.</p> drm/amdgpu: fix calltrace warning in amddrm_buddy_fini Mariner Linux Yes CVE-2023-53152 Missing Release of Resource after Effective Lifetime 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:49:05 <p>Information published.</p> 1.0 2025-11-26T01:01:29 <p>Information published.</p> 3.0 2026-03-31T15:01:32 <p>Information published.</p> drm/meson: remove drm bridges at aggregate driver unbind time Mariner Linux Yes CVE-2022-50256 Use After Free 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 20925-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 17087-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 21093-17086 2.0 2026-03-03T14:50:13 <p>Information published.</p> 3.0 2026-03-31T15:02:52 <p>Information published.</p> 1.0 2025-11-27T01:01:21 <p>Information published.</p> drm/msm: Make .remove and .shutdown HW shutdown consistent Mariner Linux Yes CVE-2022-50260 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-11-27T01:01:27 <p>Information published.</p> 2.0 2026-03-03T14:50:30 <p>Information published.</p> 3.0 2026-03-31T15:03:14 <p>Information published.</p> Podman: build context bind mount Mariner redhat Yes CVE-2025-4953 Creation of Temporary File With Insecure Permissions 20583-17084 20675-17084 20660-17084 20583-17084 20675-17084 20660-17084 Moderate 20583-17084 Moderate 20675-17084 Moderate 20660-17084 7.4 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U 20583-17084 7.4 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U 20675-17084 7.4 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U 20660-17084 2.0 2025-12-03T01:39:03 <p>Information published.</p> 1.0 2025-11-29T01:01:26 <p>Information published.</p> scsi: target: iscsi: Fix a race condition between login_work and the login thread Mariner Linux Yes CVE-2022-50350 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:56:32 <p>Information published.</p> 3.0 2026-03-31T15:07:27 <p>Information published.</p> 1.0 2025-12-03T01:01:42 <p>Information published.</p> mm: fix zswap writeback race condition Mariner Linux Yes CVE-2023-53178 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 2.0 2026-03-03T14:56:50 <p>Information published.</p> 3.0 2026-03-31T15:07:42 <p>Information published.</p> 1.0 2025-12-03T01:01:58 <p>Information published.</p> coresight: Fix memory leak in acpi_buffer->pointer Mariner Linux Yes CVE-2023-53261 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-04T01:01:30 <p>Information published.</p> 2.0 2025-12-09T01:37:09 <p>Information published.</p> blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none Mariner Linux Yes CVE-2023-53292 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T14:58:06 <p>Information published.</p> 3.0 2026-03-31T15:09:08 <p>Information published.</p> 1.0 2025-12-04T01:01:35 <p>Information published.</p> orangefs: Fix kmemleak in orangefs_sysfs_init() Mariner Linux Yes CVE-2022-50316 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-05T01:02:00 <p>Information published.</p> 2.0 2025-12-09T01:37:40 <p>Information published.</p> drm/amdgpu: install stub fence into potential unused fence pointers Mariner Linux Yes CVE-2023-53248 NULL Pointer Dereference 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T15:00:10 <p>Information published.</p> 3.0 2026-03-31T15:11:19 <p>Information published.</p> 1.0 2025-12-05T01:02:29 <p>Information published.</p> cacheinfo: Fix shared_cpu_map to handle shared caches at different levels Mariner Linux Yes CVE-2023-53254 Out-of-bounds Read 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Important 17087-17086 Important 20925-17086 Important 21093-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 1.0 2025-12-05T01:02:34 <p>Information published.</p> 2.0 2026-03-03T15:00:26 <p>Information published.</p> 3.0 2026-03-31T15:11:40 <p>Information published.</p> mtd: core: fix possible resource leak in init_mtd() Mariner Linux Yes CVE-2022-50304 Missing Release of Memory after Effective Lifetime 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-12-06T01:01:27 <p>Information published.</p> 3.0 2026-03-31T15:13:50 <p>Information published.</p> 2.0 2026-03-03T15:02:07 <p>Information published.</p> wifi: mac80211_hwsim: Fix possible NULL dereference Mariner Linux Yes CVE-2023-53209 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-12-06T01:01:33 <p>Information published.</p> 2.0 2026-03-03T15:02:28 <p>Information published.</p> 3.0 2026-03-31T15:14:13 <p>Information published.</p> usb: dwc3: core: fix some leaks in probe Mariner Linux Yes CVE-2022-50357 Missing Release of Memory after Effective Lifetime 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-12-11T01:01:21 <p>Information published.</p> 2.0 2026-03-03T15:03:25 <p>Information published.</p> 3.0 2026-03-31T14:36:51 <p>Information published.</p> accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() Mariner Linux Yes CVE-2023-53353 Missing Release of Memory after Effective Lifetime 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 1.0 2025-12-12T01:02:05 <p>Information published.</p> 2.0 2026-03-03T14:36:04 <p>Information published.</p> 3.0 2026-03-31T14:39:25 <p>Information published.</p> clk: mediatek: fix of_iomap memory leak Mariner Linux Yes CVE-2023-53424 Missing Release of Memory after Effective Lifetime 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 1.0 2025-12-12T01:02:26 <p>Information published.</p> 3.0 2026-03-31T14:40:36 <p>Information published.</p> 2.0 2026-03-03T14:37:00 <p>Information published.</p> x86/MCE: Always save CS register on AMD Zen IF Poison errors Mariner Linux Yes CVE-2023-53438 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 2.0 2026-03-03T14:37:42 <p>Information published.</p> 3.0 2026-03-31T14:41:24 <p>Information published.</p> 1.0 2025-12-12T01:02:37 <p>Information published.</p> block: be a bit more careful in checking for NULL bdev while polling Mariner Linux Yes CVE-2023-53366 NULL Pointer Dereference 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-12-13T01:01:18 <p>Information published.</p> 3.0 2026-03-31T14:42:07 <p>Information published.</p> 2.0 2026-03-03T14:38:22 <p>Information published.</p> accel/habanalabs: fix mem leak in capture user mappings Mariner Linux Yes CVE-2023-53367 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-13T01:01:24 <p>Information published.</p> 2.0 2025-12-16T01:37:04 <p>Information published.</p> mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() Mariner Linux Yes CVE-2023-53401 NULL Pointer Dereference 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-03-31T14:43:03 <p>Information published.</p> 1.0 2025-12-13T01:01:40 <p>Information published.</p> 2.0 2026-03-03T14:38:54 <p>Information published.</p> drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED Mariner Linux Yes CVE-2022-50390 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-12-14T14:01:25 <p>Information published.</p> 3.0 2025-12-17T01:38:51 <p>Information published.</p> 2.0 2025-12-16T01:37:22 <p>Information published.</p> drm/amdgpu: SDMA update use unlocked iterator Mariner Linux Yes CVE-2022-50393 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 1.0 2025-12-14T14:01:30 <p>Information published.</p> 2.0 2025-12-16T01:37:27 <p>Information published.</p> 4.0 2026-03-31T14:44:05 <p>Information published.</p> 3.0 2026-03-03T14:39:28 <p>Information published.</p> wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() Mariner Linux Yes CVE-2022-50418 Missing Release of Memory after Effective Lifetime 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 3.0 2026-03-03T14:39:45 <p>Information published.</p> 4.0 2026-03-31T14:44:28 <p>Information published.</p> 1.0 2025-12-14T14:01:36 <p>Information published.</p> 2.0 2025-12-16T01:37:32 <p>Information published.</p> net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create Mariner Linux Yes CVE-2023-53371 Missing Release of Memory after Effective Lifetime 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 1.0 2025-12-14T14:01:46 <p>Information published.</p> 3.0 2025-12-17T01:38:56 <p>Information published.</p> 2.0 2025-12-16T01:37:43 <p>Information published.</p> scsi: mpi3mr: Use number of bits to manage bitmap sizes Mariner Linux Yes CVE-2023-53376 Out-of-bounds Read 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H 17087-17086 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H 20925-17086 6.0 6.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H 21093-17086 3.0 2026-03-03T14:40:19 <p>Information published.</p> 4.0 2026-03-31T14:45:16 <p>Information published.</p> 1.0 2025-12-14T14:01:52 <p>Information published.</p> 2.0 2025-12-15T14:36:14 <p>Information published.</p> f2fs: don't reset unchangable mount option in f2fs_remount() Mariner Linux Yes CVE-2023-53447 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 17087-17086 17087-17086 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2025-12-17T01:39:01 <p>Information published.</p> 1.0 2025-12-14T14:01:57 <p>Information published.</p> 2.0 2025-12-16T01:37:48 <p>Information published.</p> Bluetooth: hci_core: Disable works on hci_unregister_dev Mariner Linux Yes CVE-2024-58241 17087-17086 20725-17084 20823-17084 20956-17084 21093-17086 21248-17084 20788-17084 20860-17084 20925-17086 21094-17084 21308-17084 21332-17084 21344-17084 17087-17086 20725-17084 20823-17084 20956-17084 21093-17086 21248-17084 20788-17084 20860-17084 20925-17086 21094-17084 21308-17084 21332-17084 21344-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20956-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21248-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21308-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21332-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21344-17084 2.0 2025-12-16T01:38:02 <p>Information published.</p> 6.0 2026-03-03T14:40:37 <p>Information published.</p> 8.0 2026-03-31T14:45:51 <p>Information published.</p> 9.0 2026-04-29T14:52:22 <p>Information published.</p> 1.0 2025-12-14T14:02:10 <p>Information published.</p> 3.0 2026-01-08T14:44:27 <p>Information published.</p> 4.0 2026-01-20T14:51:36 <p>Information published.</p> 5.0 2026-02-18T14:17:07 <p>Information published.</p> 7.0 2026-03-04T14:44:32 <p>Information published.</p> 10.0 2026-05-06T14:44:48 <p>Information published.</p> 11.0 2026-05-11T01:43:35 <p>Information published.</p> 12.0 2026-05-17T14:44:40 <p>Information published.</p> hv_netvsc: Fix panic during namespace deletion with VF Mariner Linux Yes CVE-2025-38683 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2026-01-10T01:02:37 <p>Information published.</p> 2.0 2026-02-24T14:36:09 <p>Information published.</p> Revert "fs/ntfs3: Replace inode_trylock with inode_lock" Mariner Linux Yes CVE-2025-39734 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2026-01-13T01:01:48 <p>Information published.</p> ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Mariner Linux Yes CVE-2022-50327 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:39:07 <p>Information published.</p> 1.0 2026-01-18T01:01:23 <p>Information published.</p> 2.0 2026-01-19T14:36:45 <p>Information published.</p> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Mariner Linux Yes CVE-2025-39770 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 2.0 2026-01-19T14:37:07 <p>Information published.</p> 3.0 2026-03-03T14:54:19 <p>Information published.</p> 4.0 2026-03-31T15:11:27 <p>Information published.</p> 1.0 2026-01-18T01:01:58 <p>Information published.</p> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Mariner Linux Yes CVE-2025-39782 Improper Locking 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:39:40 <p>Information published.</p> 1.0 2026-01-18T01:02:19 <p>Information published.</p> 2.0 2026-01-19T14:37:22 <p>Information published.</p> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Mariner Linux Yes CVE-2025-39806 Out-of-bounds Read 17087-17086 17087-17086 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-19T14:37:47 <p>Information published.</p> 3.0 2026-02-24T14:40:16 <p>Information published.</p> 1.0 2026-01-18T01:02:54 <p>Information published.</p> Unexpected paths returned from LookPath in os/exec <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-47906 20138-17084 20123-17086 20387-17086 20366-17086 20138-17084 20123-17086 20387-17086 20366-17086 Important 20138-17084 Important 20123-17086 Important 20387-17086 Moderate 20366-17086 8.8 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P 20138-17084 8.8 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P 20123-17086 8.8 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P 20387-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20366-17086 CBL-Mariner Releases 20138-17084 No Security Update 1.24.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20138-17084 CBL-Mariner Releases CBL-Mariner Releases 20387-17086 No Security Update 1.22.7-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20387-17086 CBL-Mariner Releases CBL-Mariner Releases 20366-17086 No Security Update 1.18.8-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20366-17086 CBL-Mariner Releases 1.0 2025-09-03T22:11:07 <p>Information published.</p> 2.0 2025-11-18T01:36:07 <p>Information published.</p> PowerShell Direct Elevation of Privilege Vulnerability <p>Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker, initially a non-admin user on the host, could hijack the PowerShell Direct session intended for communication between the admin user on host and a guest VM. This unauthorized access enables the attacker to impersonate the admin host user in communications with the guest, potentially manipulating or controlling guest-side operations.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>Why am I getting login failure events on my unpatched guest VM?</strong></p> <p>To ensure compatibility with unpatched guests, the new client attempts a login. This will produce an event in the Security Event log with event id 4625. The username will be <code>?‹PSDirectVMLegacy&gt;</code> and the domain will be <code>䕖卒佉N</code>.</p> <p>This event should stop when you patch your guest.</p> <p><strong>Note</strong>: The <strong>?‹PSDirectVMLegacy&gt;</strong> and <strong>䕖卒佉N</strong> text is verbatim - this is what the user sees.</p> <p><strong>Where can I find information about additional mitigation steps?</strong></p> <p>There are edge case affecting hotpatched devices that have installed the September 2025 updates . These devices may experience failures with PowerShell Direct (PSDirect) connections when the host and guest virtual machines (VMs) are both not fully updated.</p> <p>If your hotpatched device is experiencing issues with PSDirect connection, we recommend updating both the host and guest VM with these updates.</p> <p>Additional information can be found in the Knowledge Base articles below.</p> <table> <thead> <tr> <th>KB Article</th> <th>Product</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5065306">5065306</a></td> <td>Windows Server 2022 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065426">5065426</a></td> <td>Windows 11, version 24H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065432">5065432</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5065474">5065474</a></td> <td>Windows Server 2025 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5066359">5066359</a></td> <td>PowerShell</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5066360">5066360</a></td> <td>PowerShell</td> </tr> </tbody> </table> Windows PowerShell Microsoft Yes CVE-2025-49734 Improper Restriction of Communication Channel to Intended Endpoints 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 12262 16787 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 12262 Elevation of Privilege 16787 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 12262 Important 16787 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12262 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16787 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 Release Notes https://github.com/PowerShell/Announcements/issues/78 12262 Maybe Security Update 7.4.12 https://github.com/PowerShell/Announcements/issues/78 12262 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/78 16787 Maybe Security Update 7.5.3 https://github.com/PowerShell/Announcements/issues/78 16787 Release Notes QWangWang 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-11T00:00:00 <p>Revised the Security Updates table to include PowerShell 7.4 and PowerShell 7.5 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/78">https://github.com/PowerShell/Announcements/issues/78</a> for more information.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53797 Buffer Over-read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53798 Buffer Over-read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-54095 Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-54096 Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-54097 Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-54099 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 haowei yan with jingdong dawnslab <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> 1.1 2025-11-20T00:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows SMB Client Remote Code Execution Vulnerability <p>Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows SMBv3 Client Microsoft Yes CVE-2025-54101 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-54102 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Network Security Research Institute</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-54106 Integer Overflow or Wraparound 11571 11572 11923 11924 12437 12244 12436 10816 10855 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by sending specially crafted input from a sandboxed user-mode process to trigger an integer overflow, resulting in a buffer overflow in the kernel and enabling privilege escalation or sandbox escape.</p> Windows Kernel Microsoft Yes CVE-2025-54110 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability <p>Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows UI XAML Phone DatePickerFlyout Microsoft Yes CVE-2025-54111 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-09-09T00:00:00 <p>Information published.</p> Local Security Authority Subsystem Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Local Security Authority Subsystem Service (LSASS) Microsoft Yes CVE-2025-54894 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Windows SPNEGO Extended Negotiation Microsoft Yes CVE-2025-54895 Integer Overflow or Wraparound Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54896 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002776 https://www.microsoft.com/en-us/download/details.aspx?id=108364 5002752 10836 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002776 10836 5002776 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 wh1tc with Kunlun Lab & Zhiniang Peng with HUST 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-54897 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002778 https://www.microsoft.com/en-us/download/details.aspx?id=108355 5002771 10950 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002778 10950 5002778 5002775 https://www.microsoft.com/en-us/download/details.aspx?id=108363 5002769 11585 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002775 11585 5002775 5002784 https://www.microsoft.com/en-us/download/details.aspx?id=108353 5002773 11961 Maybe Security Update 16.0.19127.20100 https://support.microsoft.com/help/5002784 11961 5002784 <a href="https://github.com/zcgonvh">zcgonvh&#39;s cat Vanilla</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54898 Out-of-bounds Read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002776 https://www.microsoft.com/en-us/download/details.aspx?id=108364 5002752 10836 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002776 10836 5002776 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST cdbb6164ddfda2b210fd348442322115 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54899 Free of Memory not on the Heap 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 HAO LI with Venustech 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54902 Out-of-bounds Read Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002776 https://www.microsoft.com/en-us/download/details.aspx?id=108364 5002752 10836 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002776 10836 5002776 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 <a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54903 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002776 https://www.microsoft.com/en-us/download/details.aspx?id=108364 5002752 10836 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002776 10836 5002776 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 <a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54904 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002776 https://www.microsoft.com/en-us/download/details.aspx?id=108364 5002752 10836 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002776 10836 5002776 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 <a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Word Information Disclosure Vulnerability <p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Word Microsoft Yes CVE-2025-54905 Untrusted Pointer Dereference 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10746 Information Disclosure 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10950 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11585 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11573 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11574 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11763 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11951 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11952 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11953 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12420 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12421 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12440 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10746 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10747 5002778 https://www.microsoft.com/en-us/download/details.aspx?id=108355 5002771 10950 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002778 10950 5002778 5002777 https://www.microsoft.com/en-us/download/details.aspx?id=108354 5002772 10950 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002777 10950 5002777 5002775 https://www.microsoft.com/en-us/download/details.aspx?id=108363 5002769 11585 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002775 11585 5002775 5002774 https://www.microsoft.com/en-us/download/details.aspx?id=108359 5002770 11585 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002774 11585 5002774 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002780 https://www.microsoft.com/en-us/download/details.aspx?id=108358 5002763 10746 10747 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002780 10746 10747 5002780 <a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Office Remote Code Execution Vulnerability <p>Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2025-54906 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002778 https://www.microsoft.com/en-us/download/details.aspx?id=108355 5002771 10950 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002778 10950 5002778 5002775 https://www.microsoft.com/en-us/download/details.aspx?id=108363 5002769 11585 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002775 11585 5002775 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002781 https://www.microsoft.com/en-us/download/details.aspx?id=108361 5002756 10753 10754 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002781 10753 10754 5002781 5002576 https://www.microsoft.com/en-us/download/details.aspx?id=108365 5002469 10753 10754 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002576 10753 10754 5002576 5002766 https://www.microsoft.com/en-us/download/details.aspx?id=108357 5002635 10753 10754 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002766 10753 10754 5002766 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST 1.0 2025-09-09T00:00:00 <p>Information published.</p> 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Visio Microsoft Yes CVE-2025-54907 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 12420 12421 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Li Shuang, willJ and Guang Gong with Vulnerability Research Institute 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft PowerPoint Remote Code Execution Vulnerability <p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office PowerPoint Microsoft Yes CVE-2025-54908 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 10741 10742 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10741 Remote Code Execution 10742 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10741 Important 10742 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002779 https://www.microsoft.com/en-us/download/details.aspx?id=108362 5002765 10741 10742 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002779 10741 10742 5002779 anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows UI XAML Maps MapControlSettings Microsoft Yes CVE-2025-54913 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows NTFS Remote Code Execution Vulnerability <p>Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows NTFS Microsoft Yes CVE-2025-54916 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://x.com/immortalp0ny">Sergey Tarasov</a> with <a href="https://global.ptsecurity.com/">Positive Technologies</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows NTLM Elevation of Privilege Vulnerability <p>Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> Windows NTLM Microsoft Yes CVE-2025-54918 Improper Authentication 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://www.linkedin.com/in/bryan-de-houwer/">Bryan De Houwer</a> with <a href="https://crimson7.io/">Crimson7</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-54919 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 cyanbamboo <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> DirectX Graphics Kernel Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Graphics Kernel Microsoft Yes CVE-2025-55223 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://twitter.com/b2ahex">b2ahex</a> cyanbamboo 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-55225 Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Graphics Kernel Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Graphics Kernel Microsoft Yes CVE-2025-55226 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-55228 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Critical 11923 Critical 11924 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://twitter.com/b2ahex">b2ahex</a> cyanbamboo 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.</p> <p><strong>What do customers need to do to mitigate this vulnerability?</strong></p> <p>If you are currently using HPC Pack 2019 Update 2, you need to upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) and then apply the QFE patch (<a href="http://https://www.microsoft.com/en-us/download/details.aspx?id=108341">Build 6.3.8352</a>).</p> <p>If you are currently using HPC Pack 2016, you must migrate to 2019 to receive a fix, as there is no in-place update from 2016 to 2019.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> Microsoft High Performance Compute Pack (HPC) Microsoft Yes CVE-2025-55232 Deserialization of Untrusted Data 12455 Remote Code Execution 12455 Important 12455 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12455 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=108341 12455 Maybe Security Update 6.3.8352 Quick Fix QFE https://github.com/Azure/hpcpack/blob/master/CHANGELOG.md#hpc-pack-2019-update-3-qfe-kb5065994-638352---8182025 12455 Release Notes <p>Customers should make sure the HPC Pack clusters are running in a trusted network secured by firewall rules especially for the TCP port 5999.</p> Dennis Carlson with <a href="https://www.abacusgroupllc.com/">Abacus Group LLC</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> 1.1 2025-09-25T00:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Graphics Kernel Remote Code Execution Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Graphics Kernel Microsoft Yes CVE-2025-55236 Time-of-check Time-of-use (TOCTOU) Race Condition Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Xbox Gaming Services Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would be able to delete targeted files on a system.</p> XBox Gaming Services Microsoft Yes CVE-2025-55245 Improper Link Resolution Before File Access ('Link Following') 12316 Elevation of Privilege 12316 Important 12316 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12316 Release Notes https://apps.microsoft.com/detail/9MWPM2CQNLHN?hl=en-us&gl=US&ocid=pdpshare 12316 No Microsoft App Store 30.104.13001.0. https://apps.microsoft.com/detail/9MWPM2CQNLHN?hl=en-us&gl=US&ocid=pdpshare 12316 Release Notes <a href="https://www.linkedin.com/in/enrique-fern&#225;ndez-lorenzo-49b884196/">Bighound</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft OfficePlus Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.</p> Microsoft Office Microsoft Yes CVE-2025-55243 Exposure of Sensitive Information to an Unauthorized Actor 12353 Spoofing 12353 Important 12353 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12353 Release Notes https://www.officeplus.cn/addin/OPCN/?source=OPCNNAVI 12353 Maybe Security Update 3.10.0.26585 https://www.officeplus.cn/ 12353 Release Notes <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST 1.0 2025-09-09T00:00:00 <p>Information published.</p> Azure Connected Machine Agent Elevation of Privilege Vulnerability <p>External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.</p> <p>**What privileges could be gained by an attacker who successfully exploited this vulnerability? **</p> <p>An attacker can deploy VM Extensions on compromised Servers</p> Azure Connected Machine Agent Microsoft Yes CVE-2025-55316 External Control of File Name or Path 12264 Elevation of Privilege 12264 Important 12264 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12264 Release Notes https://gbl.his.arc.azure.com/azcmagent/1.56/AzureConnectedMachineAgent.msi 12264 Maybe Security Update 1.56 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes 12264 Release Notes <a href="https://uk.linkedin.com/in/contact-sharan-p">Sharan Patil</a> with <a href="https://reversec.com/">REVERSEC</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> 1.1 2025-09-09T00:00:00 <p>Updated CVE title. This is an informational change only.</p> Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A user can download an installer and before the user runs the installer, the attacker could replace it with a malicious installer. When the victim runs the malicious installer the attacker could elevate their privileges.</p> Microsoft AutoUpdate (MAU) Microsoft Yes CVE-2025-55317 Improper Link Resolution Before File Access ('Link Following') 10949 Elevation of Privilege 10949 Important 10949 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10949 MAU https://go.microsoft.com/fwlink/p/?linkid=830196 10949 Maybe Security Update 4.80 https://support.office.com/en-us/article/Check-for-Office-for-Mac-updates-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1 10949 MAU 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability <p>Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.71</td> <td>09/16/2025</td> <td>140.0.7339.133</td> </tr> </tbody> </table> Microsoft Edge for Android Microsoft Yes CVE-2025-47967 Insufficient UI Warning of Dangerous Operations 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.7 4.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 No Security Update 140.0.3485.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Barath Stalin 1.0 2025-09-16T00:00:00 <p>Information published.</p> Microsoft PC Manager Security Feature Bypass Vulnerability <p>Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker can obtain keys, which could enable an attacker to partially bypass the application's cryptographic protections. Confidential information could be exposed to malicious users, including configuration data but not including personal information or credentials.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Microsoft PC Manager Microsoft Yes CVE-2025-49728 Cleartext Storage of Sensitive Information 12441 Security Feature Bypass 12441 Important 12441 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.0 3.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12441 Release Notes https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Maybe Security Update 3.18.0.0 https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Release Notes Microsoft Offensive Research & Security Engineering 1.0 2025-09-16T00:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-59215 Use After Free 12437 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 cyanbamboo 1.0 2025-09-18T00:00:00 <p>Information published.</p> Chromium: CVE-2025-10501 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.81</td> <td>09/19/2025</td> <td>140.0.7339.186</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10501 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.81 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-19T00:00:24 <p>Information published.</p> Chromium: CVE-2025-10585 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2025-10585 exists in the wild.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.81</td> <td>09/19/2025</td> <td>140.0.7339.186</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10585 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.81 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-19T00:00:19 <p>Information published.</p> Chromium: CVE-2025-10890 Side-channel information leakage in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.94</td> <td>09/25/2025</td> <td>140.0.7339.208</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10890 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.94 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-25T00:00:34 <p>Information published.</p> Azure Connected Machine Agent Elevation of Privilege Vulnerability <p>Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers should update their Azure Connected Machine Agent to the latest version. For more information, see <a href="https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes">What's new with Azure Connected Machine agent</a>.</p> <p><strong>What privileges could an attacker gain with successful exploitation?</strong></p> <p>An attacker who successfully exploited the vulnerability could elevate their privileges as ‘NT AUTHORITY\SYSTEM’ user and perform arbitrary code execution.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) and privileges required is low (PR:L). What does this mean in the context of this elevation of privilege vulnerability?</strong></p> <p>An attacker needs to be authorized as a standard user on the localhost to execute this attack. They could then elevate their privileges to perform unauthorized operations.</p> Azure Windows Virtual Machine Agent Microsoft Yes CVE-2025-49692 Improper Access Control 12264 Elevation of Privilege 12264 Important 12264 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12264 Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#install-a-specific-version-of-the-agent 12264 Maybe Security Update 1.49 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-149---february-2025 12264 Release Notes Sharan Patil with <a href="https://consulting.withsecure.com/">WithSecure Consulting</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft SQL Server Information Disclosure Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5065220</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4212.1</td> <td>16.0.4003.1 - 16.0.4210.1</td> <td>KB 5063814 - SQL2022 RTM CU20</td> </tr> <tr> <td>5065221</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1150.1</td> <td>16.0.1000.6 - 16.0.1145.1</td> <td>KB 5063756 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5065222</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4445.1</td> <td>15.0.4003.23 - 15.0.4440.1</td> <td>KB 5063757 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5065223</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2145.1</td> <td>15.0.2000.5 - 15.0.2140.1</td> <td>KB 5063758 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5065225</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3505.1</td> <td>14.0.3006.16 - 14.0.3500.1</td> <td>KB 5063759 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5065224</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2085.1</td> <td>14.0.1000.169 - 14.0.2080.1</td> <td>KB 5063760 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5065227</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7065.1</td> <td>13.0.7000.253 - 13.0.7060.1</td> <td>KB 5063761 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5065226</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6470.1</td> <td>13.0.6300.2 - 13.0.6465.1</td> <td>KB 5063762 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-47997 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Exposure of Sensitive Information to an Unauthorized Actor 11478 11821 12048 12053 12145 12147 16793 16785 Information Disclosure 11478 Information Disclosure 11821 Information Disclosure 12048 Information Disclosure 12053 Information Disclosure 12145 Information Disclosure 12147 Information Disclosure 16793 Information Disclosure 16785 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 16793 Important 16785 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11478 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11821 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12053 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12145 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12147 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16793 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16785 5065224 https://www.microsoft.com/en-us/download/details.aspx?id=108376 11478 Maybe Security Update 14.0.2085.1 https://support.microsoft.com/help/5065224 11478 5065224 5065223 https://www.microsoft.com/en-us/download/details.aspx?id=108374 11821 Maybe Security Update 15.0.2145.1 https://support.microsoft.com/help/5065223 11821 5065223 5065226 https://www.microsoft.com/en-us/download/details.aspx?id=108375 12048 Maybe Security Update 13.0.6470.1 https://support.microsoft.com/help/5065226 12048 5065226 5065227 https://www.microsoft.com/en-us/download/details.aspx?id=108377 12053 Maybe Security Update 13.0.7065.1 https://support.microsoft.com/help/5065227 12053 5065227 5065225 https://www.microsoft.com/en-us/download/details.aspx?id=108378 12145 Maybe Security Update 14.0.3505.1 https://support.microsoft.com/help/5065225 12145 5065225 5065221 https://www.microsoft.com/en-us/download/details.aspx?id=108371 12147 Maybe Security Update 16.0.1150.1 https://support.microsoft.com/help/5065221 12147 5065221 5065220 https://www.microsoft.com/en-us/download/details.aspx?id=108373 16793 Maybe Security Update 16.0.4212.1 https://support.microsoft.com/help/5065220 16793 5065220 5065222 https://www.microsoft.com/en-us/download/details.aspx?id=108372 16785 Maybe Security Update 15.0.4445.1 https://support.microsoft.com/help/5065222 16785 5065222 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53796 Buffer Over-read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Imaging Component Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Windows Imaging Component Microsoft Yes CVE-2025-53799 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12155 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 12155 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12155 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12155 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19220.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Mark Riehm 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-53800 Incorrect Initialization of Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Microsoft Yes CVE-2025-53801 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Bluetooth Service Microsoft Yes CVE-2025-53802 Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 Hwiwon Lee (hwiwonl), SEC-agent team <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> with <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p>Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-53803 Generation of Error Message Containing Sensitive Information 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://x.com/m4x_1997">Aobo Wang</a> <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST Anonymous <a href="https://x.com/m4x_1997">Aobo Wang</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Kernel-Mode Driver Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Microsoft Yes CVE-2025-53804 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/lewislee53">Lewis Lee</a> <a href="https://twitter.com/ver0759">Chunyang Han</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> HTTP.sys Denial of Service Vulnerability <p>Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.</p> Windows Internet Information Services Microsoft Yes CVE-2025-53805 Out-of-bounds Read 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11923 Denial of Service 11924 Denial of Service 12085 Denial of Service 12086 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 Rutuja Shirali with Microsoft Yesayi Hovnanyan with Microsoft Matthew Cox with Microsoft Matthew Cox with Microsoft 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53806 Buffer Over-read Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-53807 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 cyanbamboo 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>To successfully exploit the vulnerability, an attacker must be part of a specific user group.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-53808 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability <p>Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.</p> Windows Local Security Authority Subsystem Service (LSASS) Microsoft Yes CVE-2025-53809 Improper Input Validation 12437 12389 12390 12436 Denial of Service 12437 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 <a href="https://x.com/skelsec">Tamas Jos (@skelsec)</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>To successfully exploit the vulnerability, an attacker must be part of a specific user group.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-53810 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-54091 Integer Overflow or Wraparound Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10735 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10853 10816 10855 5065427 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://github.com/cbwang505">ChengBin Wang</a> with <a href="https://www.guolisec.com/">ZheJiang Guoli Security Technology</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-54092 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows TCP/IP Driver Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows TCP/IP Microsoft Yes CVE-2025-54093 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>To successfully exploit the vulnerability, an attacker must be part of a specific user group.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-54094 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-54098 Improper Access Control 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10735 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10853 10816 10855 5065427 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Management Service Elevation of Privilege Vulnerability <p>Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Management Services Microsoft Yes CVE-2025-54103 Use After Free 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 Taewoo (Tae_ω02) 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>To successfully exploit the vulnerability, an attacker must be part of a specific user group.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-54104 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-54105 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 12437 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 ChenJian with <a href="https://www.sea.com/security">Sea Security Orca Team</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p>Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted directory or file path to be compromised by the attacker.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-54107 Improper Resolution of Path Equivalence 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065435 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065435 5060996 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/help/5065435 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 5065435 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Eric Lawrence with Microsoft Defender for Endpoint Eric Lawrence with Microsoft Defender for Endpoint 1.0 2025-09-09T00:00:00 <p>Information published.</p> Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Capability Access Management Service (camsvc) Microsoft Yes CVE-2025-54108 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 12437 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>To successfully exploit the vulnerability, an attacker must be part of a specific user group.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-54109 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability <p>Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Microsoft Virtual Hard Drive Microsoft Yes CVE-2025-54112 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 <a href="https://x.com/her0m4nt">her0m4nt</a> pwnky 1.0 2025-09-09T00:00:00 <p>Information published.</p> 1.1 2025-10-14T00:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-54113 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-54114 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Untrusted Pointer Dereference 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks Security Research Institute</a> 1.1 2025-11-21T00:00:00 <p>Updated Security Impact values. This is an informational change only.</p> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-54115 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 hazard 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows MultiPoint Services Elevation of Privilege Vulnerability <p>Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would be able to delete any system files.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> Windows MultiPoint Services Microsoft Yes CVE-2025-54116 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 <a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54900 Heap-based Buffer Overflow 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002776 https://www.microsoft.com/en-us/download/details.aspx?id=108364 5002752 10836 Maybe Security Update 16.0.10417.20047 https://support.microsoft.com/help/5002776 10836 5002776 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002782 https://www.microsoft.com/en-us/download/details.aspx?id=108360 5002758 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002782 10739 10740 5002782 <a href="https://twitter.com/edwardzpeng">wh1tc with Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-54901 Buffer Over-read 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10739 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10740 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002762 https://www.microsoft.com/en-us/download/details.aspx?id=108356 5002695 10739 10740 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/kb/5002762 10739 10740 5002762 <a href="https://twitter.com/jq0904">Quan Jin</a> with DBAPPSecurity 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of September 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> Microsoft Office Microsoft Yes CVE-2025-54910 Heap-based Buffer Overflow 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.101.25091314 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002781 https://www.microsoft.com/en-us/download/details.aspx?id=108361 5002756 10753 10754 Maybe Security Update 16.0.5517.1000 https://support.microsoft.com/help/5002781 10753 10754 5002781 Li Shuang, willJ and Guang Gong with Vulnerability Research Institute 2.0 2025-09-16T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows BitLocker Elevation of Privilege Vulnerability <p>Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> Windows BitLocker Microsoft Yes CVE-2025-54911 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Hussein Alrubaye with <a href="https://www.linkedin.com/in/halrubaye/">Microsoft</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows BitLocker Elevation of Privilege Vulnerability <p>Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.</p> Windows BitLocker Microsoft Yes CVE-2025-54912 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Hussein Alrubaye with Microsoft 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>To successfully exploit the vulnerability, an attacker must be part of a specific user group.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-54915 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-09-09T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted drive path to be compromised by the attacker.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows MapUrlToZone Microsoft Yes CVE-2025-54917 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065435 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065435 5060996 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/help/5065435 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 5065435 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Ben Lichtman <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-55224 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 <a href="https://twitter.com/b2ahex">b2ahex</a> cyanbamboo 1.0 2025-09-09T00:00:00 <p>Information published.</p> Microsoft SQL Server Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authorized attacker could inject SQL code and run it with elevated privileges at table creation.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain sysadmin privileges.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5065220</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4212.1</td> <td>16.0.4003.1 - 16.0.4210.1</td> <td>KB 5063814 - SQL2022 RTM CU20</td> </tr> <tr> <td>5065221</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1150.1</td> <td>16.0.1000.6 - 16.0.1145.1</td> <td>KB 5063756 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5065222</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4445.1</td> <td>15.0.4003.23 - 15.0.4440.1</td> <td>KB 5063757 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5065223</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2145.1</td> <td>15.0.2000.5 - 15.0.2140.1</td> <td>KB 5063758 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5065225</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3505.1</td> <td>14.0.3006.16 - 14.0.3500.1</td> <td>KB 5063759 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5065224</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2085.1</td> <td>14.0.1000.169 - 14.0.2080.1</td> <td>KB 5063760 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5065227</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7065.1</td> <td>13.0.7000.253 - 13.0.7060.1</td> <td>KB 5063761 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5065226</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6470.1</td> <td>13.0.6300.2 - 13.0.6465.1</td> <td>KB 5063762 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-55227 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11478 11821 12048 12053 12145 12147 16785 16793 Elevation of Privilege 11478 Elevation of Privilege 11821 Elevation of Privilege 12048 Elevation of Privilege 12053 Elevation of Privilege 12145 Elevation of Privilege 12147 Elevation of Privilege 16785 Elevation of Privilege 16793 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 16785 Important 16793 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16785 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16793 5065224 https://www.microsoft.com/en-us/download/details.aspx?id=108376 11478 Maybe Security Update 14.0.2085.1 https://support.microsoft.com/help/5065224 11478 5065224 5065223 https://www.microsoft.com/en-us/download/details.aspx?id=108374 11821 Maybe Security Update 15.0.2145.1 https://support.microsoft.com/help/5065223 11821 5065223 5065226 https://www.microsoft.com/en-us/download/details.aspx?id=108375 12048 Maybe Security Update 13.0.6470.1 https://support.microsoft.com/help/5065226 12048 5065226 5065227 https://www.microsoft.com/en-us/download/details.aspx?id=108377 12053 Maybe Security Update 13.0.7065.1 https://support.microsoft.com/help/5065227 12053 5065227 5065225 https://www.microsoft.com/en-us/download/details.aspx?id=108378 12145 Maybe Security Update 14.0.3505.1 https://support.microsoft.com/help/5065225 12145 5065225 5065221 https://www.microsoft.com/en-us/download/details.aspx?id=108371 12147 Maybe Security Update 16.0.1150.1 https://support.microsoft.com/help/5065221 12147 5065221 5065222 https://www.microsoft.com/en-us/download/details.aspx?id=108372 16785 Maybe Security Update 15.0.4445.1 https://support.microsoft.com/help/5065222 16785 5065222 5065220 https://www.microsoft.com/en-us/download/details.aspx?id=108373 16793 Maybe Security Update 16.0.4212.1 https://support.microsoft.com/help/5065220 16793 5065220 Martin Rakhmanov and Albin Vattakattu 1.0 2025-09-09T00:00:00 <p>Information published.</p> Windows SMB Elevation of Privilege Vulnerability <p>SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.</p> <p>The SMB Server already supports mechanisms for hardening against relay attacks:</p> <ul> <li>SMB Server signing</li> <li>SMB Server Extended Protection for Authentication (EPA)</li> </ul> <p>Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.</p> <p>If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:</p> <ul> <li>Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See <a href="https://support.microsoft.com/help/5066913">Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing &amp; SMB Server EPA</a>.</li> <li>Adopt appropriate SMB Server hardening measures.</li> </ul> <p><strong>Are there any further actions I need to take to be protected from relay attacks?</strong></p> <p>The security updates released on September 9, 2025 enable support for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA. This allows customers to assess their environment and identify any potential device or software incompatibility issues before deploying the hardening measures that are already supported by SMB Server. Please see <a href="https://support.microsoft.com/help/5066913">https://support.microsoft.com/help/5066913</a> for more information.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.</p> Windows SMB Microsoft Yes CVE-2025-55234 Improper Authentication 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11568 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11568 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065430 5063889 10729 10735 Yes Security Update 10.0.10240.21128 https://support.microsoft.com/help/5065430 10729 10735 5065430 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10852 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10852 10853 10816 10855 5065427 5065508 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065508 5063888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23529 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065508 5065508 https://support.microsoft.com/help/5065508 9312 10287 9318 9344 5065511 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065511 9312 10287 9318 9344 Yes Security Only 6.0.6003.23529 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065511 5065511 https://support.microsoft.com/help/5065511 9312 10287 9318 9344 5065468 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065468 5063947 10051 10049 Yes Monthly Rollup 6.1.7601.27929 https://support.microsoft.com/help/5065468 10051 10049 5065468 5065510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065510 10051 10049 Yes Security Only 6.1.7601.27929 https://support.microsoft.com/help/5065510 10051 10049 5065510 5065509 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065509 5063906 10378 10379 Yes Monthly Rollup 6.2.9200.25675 https://support.microsoft.com/help/5065509 10378 10379 5065509 5065507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065507 5063950 10483 10543 Yes Monthly Rollup 6.3.9600.22774 https://support.microsoft.com/help/5065507 10483 10543 5065507 Anonymous Anonymous 1.0 2025-09-09T00:00:00 <p>Information published.</p> VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json <p><a href="https://www.cve.org/CVERecord?id=CVE-2024-21907">CVE-2024-21907</a> addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition. The documented SQL Server updates incorporate updates in Newtonsoft.Json which address this vulnerability.</p> <p>Please see <a href="https://www.cve.org/CVERecord?id=CVE-2024-21907">CVE-2024-21907</a> for more information.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5065220</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4212.1</td> <td>16.0.4003.1 - 16.0.4210.1</td> <td>KB 5063814 - SQL2022 RTM CU20</td> </tr> <tr> <td>5065221</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1150.1</td> <td>16.0.1000.6 - 16.0.1145.1</td> <td>KB 5063756 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5065222</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4445.1</td> <td>15.0.4003.23 - 15.0.4440.1</td> <td>KB 5063757 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5065223</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2145.1</td> <td>15.0.2000.5 - 15.0.2140.1</td> <td>KB 5063758 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5065225</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3505.1</td> <td>14.0.3006.16 - 14.0.3500.1</td> <td>KB 5063759 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5065224</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2085.1</td> <td>14.0.1000.169 - 14.0.2080.1</td> <td>KB 5063760 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5065227</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7065.1</td> <td>13.0.7000.253 - 13.0.7060.1</td> <td>KB 5063761 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5065226</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6470.1</td> <td>13.0.6300.2 - 13.0.6465.1</td> <td>KB 5063762 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server VulnCheck Yes CVE-2024-21907 Dependency on Vulnerable Third-Party Component 11478 11821 12048 12053 12145 16785 11478 11821 12048 12053 12145 16785 11478 11821 12048 12053 12145 16785 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 5065224 https://www.microsoft.com/en-us/download/details.aspx?id=108376 11478 Maybe Security Update 14.0.2085.1 https://support.microsoft.com/help/5065224 11478 5065224 5065223 https://www.microsoft.com/en-us/download/details.aspx?id=108374 11821 Maybe Security Update 15.0.2145.1 https://support.microsoft.com/help/5065223 11821 5065223 5065226 https://www.microsoft.com/en-us/download/details.aspx?id=108375 12048 Maybe Security Update 13.0.6470.1 https://support.microsoft.com/help/5065226 12048 5065226 5065227 https://www.microsoft.com/en-us/download/details.aspx?id=108377 12053 Maybe Security Update 13.0.7065.1 https://support.microsoft.com/help/5065227 12053 5065227 5065225 https://www.microsoft.com/en-us/download/details.aspx?id=108378 12145 Maybe Security Update 14.0.3505.1 https://support.microsoft.com/help/5065225 12145 5065225 5065222 https://www.microsoft.com/en-us/download/details.aspx?id=108372 16785 Maybe Security Update 15.0.4445.1 https://support.microsoft.com/help/5065222 16785 5065222 1.0 2025-09-09T00:00:00 <p>Information published.</p> Chromium: CVE-2025-9867 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.54</td> <td>09/05/2025</td> <td>140.0.7339.80/.81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-9867 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-05T00:00:17 <p>Information published.</p> Chromium: CVE-2025-9866 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.54</td> <td>09/05/2025</td> <td>140.0.7339.80/.81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-9866 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-05T00:00:16 <p>Information published.</p> Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.54</td> <td>09/05/2025</td> <td>140.0.7339.80/.81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-9865 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-05T00:00:15 <p>Information published.</p> Chromium: CVE-2025-9864 Use after free in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.54</td> <td>09/05/2025</td> <td>140.0.7339.80/.81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-9864 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-05T00:00:12 <p>Information published.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p>Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to enable Edge Split Screen mode, have a specific configuration, and run multiple pages.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could:</p> <ul> <li>Run scripts intended to get the read token from the parent webpage DOM (Confidentiality)</li> <li>Make changes to the javascript in the parent window (Integrity)</li> <li>But cannot limit access to the resource (Availability)</li> </ul> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to open a web page that contained a malicious iframe.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.54</td> <td>09/05/2025</td> <td>140.0.7339.80/.81</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could break the iframe sandbox and allow an iframe to interact with the parent DOM.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-53791 Improper Access Control 11655 Security Feature Bypass 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.7 4.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 140.0.3485.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://github.com/mingijunggrape">Mingi Jung</a> with <a href="https://websec-lab.github.io/">WebSec</a> 1.0 2025-09-05T00:00:00 <p>Information published.</p> Azure Entra ID Elevation of Privilege Vulnerability <p>Azure Entra ID Elevation of Privilege Vulnerability</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Entra Microsoft No CVE-2025-55241 Improper Authentication 12383 Elevation of Privilege 12383 Critical 12383 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 10.0 8.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12383 <a href="https://twitter.com/_dirkjan">Dirk-jan Mollema</a> with <a href="https://outsidersecurity.nl/">Outsider Security</a> 1.1 2025-09-18T00:00:00 <p>The CVSS score for this vulnerability has been updated to reflect a change in the <strong>Attack Complexity</strong> metric from <strong>High</strong> to <strong>Low</strong>.</p> 1.0 2025-09-04T00:00:00 <p>Information published.</p> Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Xbox Microsoft No CVE-2025-55242 Exposure of Sensitive Information to an Unauthorized Actor 12316 Information Disclosure 12316 Critical 12316 Publicly Disclosed:No;Exploited:No 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12316 <a href="https://cixtor.com/">cixtor.com</a> with <a href="https://en.wikipedia.org/wiki/big_tech">Big Tech</a> 1.0 2025-09-04T00:00:00 <p>Information published.</p> Azure Networking Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure - Networking Microsoft No CVE-2025-54914 Improper Access Control 17082 Elevation of Privilege 17082 Critical 17082 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 10.0 8.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 17082 Ziv Somech with Microsoft Shimi Gersner with Microsoft <a href="https://www.linkedin.com/in/shahar-zelig/">Shahar Zelig</a> with Microsoft Stav Nir with Microsoft 1.0 2025-09-04T00:00:00 <p>Information published.</p> Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Dynamics 365 FastTrack Implementation Assets Microsoft No CVE-2025-55238 Improper Access Control 16783 Information Disclosure 16783 Critical 16783 Publicly Disclosed:No;Exploited:No 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16783 1.0 2025-09-04T00:00:00 <p>Information published.</p> Azure Bot Service Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Bot Service Microsoft No CVE-2025-55244 Improper Access Control 19659 Elevation of Privilege 19659 Critical 19659 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.0 7.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 19659 bountyplz 1.0 2025-09-04T00:00:00 <p>Information published.</p> Chromium: CVE-2025-10201 Inappropriate implementation in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.66</td> <td>09/11/2025</td> <td>140.0.7339.133</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10201 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-11T11:17:25 <p>Information published.</p> Chromium: CVE-2025-10200 Use after free in Serviceworker <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.66</td> <td>09/11/2025</td> <td>140.0.7339.133</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10200 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-11T11:17:22 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-59216 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 12437 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2025-09-18T00:00:00 <p>Information published.</p> Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.81</td> <td>09/19/2025</td> <td>140.0.7339.186</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10502 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.81 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-19T00:00:24 <p>Information published.</p> Chromium: CVE-2025-10500 Use after free in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.81</td> <td>09/19/2025</td> <td>140.0.7339.186</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10500 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.81 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-19T00:00:23 <p>Information published.</p> OmniParser Remote Code Execution Vulnerability <p>Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> GitHub Microsoft Yes CVE-2025-55322 Binding to an Unrestricted IP Address 20441 Remote Code Execution 20441 Important 20441 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 20441 Release Notes https://github.com/microsoft/OmniParser/archive/refs/tags/v.2.0.1.zip 20441 No Source Code (zip) 2.0.1 https://github.com/microsoft/OmniParser/releases 20441 Release Notes Release Notes https://github.com/microsoft/OmniParser/archive/refs/tags/v.2.0.1.tar.gz 20441 No Source Code (tar.gz) 2.0.1 https://github.com/microsoft/OmniParser/releases 20441 Release Notes <a href="https://www.linkedin.com/in/aonanguan/">Aonan Guan</a> <a href="https://www.linkedin.com/in/gabriellawang/">Lei Wang</a> 1.0 2025-09-24T00:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.81</td> <td>09/19/2025</td> <td>140.0.7339.186</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality), make changes to disclosed information (Integrity), and they might be able to force a crash within the browser tab (Availability).</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-59251 Stack-based Buffer Overflow 11655 Remote Code Execution 11655 Important 11655 7.6 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/RC:C 11655 Release Notes 11655 No Security Update 140.0.3485.81 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-25T00:00:00 <p>Information published.</p> Chromium: CVE-2025-10891 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.94</td> <td>09/25/2025</td> <td>140.0.7339.208</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10891 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.94 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-25T00:00:37 <p>Information published.</p> Chromium: CVE-2025-10892 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>140.0.3485.94</td> <td>09/25/2025</td> <td>140.0.7339.208</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-10892 11655 11655 11655 Release Notes 11655 No Security Update 140.0.3485.94 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-09-25T00:00:38 <p>Information published.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Bluetooth Service Microsoft Yes CVE-2025-59220 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11929 11930 11931 Yes Security Update 10.0.19043.6332 https://support.microsoft.com/help/5065429 11929 11930 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11929 11930 11931 12097 12098 12099 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 12098 12099 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 12097 12098 12099 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 Hwiwon Lee (hwiwonl), SEC-agent team <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-09-18T00:00:00 <p>Information published. This CVE was addressed by updates that were released in September 2025, but the CVE was inadvertently omitted from the September 2025 Security Updates. This is an informational change only. Customers who have already installed the September 2025 updates do not need to take any further action.</p> 1.1 2025-10-10T00:00:00 <p>Added acknowledgements. This is an informational change only.</p> Agentic AI and Visual Studio Code Remote Code Execution Vulnerability <p>Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.</p> Agentic AI and Visual Studio Code Microsoft Yes CVE-2025-55319 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11622 Remote Code Execution 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/updates/v1_104?pubDate=20250911 11622 Maybe Security Update 1.104.0 https://code.visualstudio.com/updates/v1_104?pubDate=20250911 11622 Release Notes <a href="https://www.linkedin.com/in/tarek-nakkouch/">Nakkouch Tarek</a> Ruben Gutierrez with <a href="https://www.sky.com/">Sky</a> <a href="https://www.linkedin.com/in/tarek-nakkouch/">Nakkouch Tarek</a> Talon Uptain 1.0 2025-09-11T07:00:00 <p>Information published.</p> 1.2 2025-12-23T08:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.3 2026-02-20T08:00:00 <p>Updated CWE value. This is an informational change only.</p> 1.1 2025-09-12T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p>