Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-60716
DirectX Graphics Kernel
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60724
GDI+
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Remote Code Execution
CVE-2025-62214
Visual Studio
Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an authorized attacker to execute code locally.
Remote Code Execution
CVE-2025-30398
Nuance PowerScribe 360
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
Information Disclosure
CVE-2025-59504
Azure Monitor Agent
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-59505
Windows Smart Card Reader
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59506
DirectX Graphics Kernel
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59507
Windows Speech Runtime
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59508
Windows Speech Recognition
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59509
Windows Speech Recognition
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
Information Disclosure
CVE-2025-59510
Windows Routing and Remote Access Service (RRAS)
Improper link resolution before file access (‘link following’) in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
Denial of Service
CVE-2025-59511
Windows WLAN Service
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59512
Customer Experience Improvement Program (CEIP)
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59513
Windows Bluetooth RFCOM Protocol Driver
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
Information Disclosure
CVE-2025-60703
Windows Remote Desktop Services
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60704
Windows Kerberos
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
Elevation of Privilege
CVE-2025-60705
Windows Client-Side Caching
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60706
Windows Hyper-V
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.
Information Disclosure
CVE-2025-60707
Multimedia Class Scheduler Service (MMCSS) Driver
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60708
Storvsp.sys Driver
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.
Denial of Service
CVE-2025-60709
Windows Common Log File System Driver
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60710
Host Process for Windows Tasks
Improper link resolution before file access (‘link following’) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60726
Microsoft Excel
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Information Disclosure
CVE-2025-60727
Microsoft Excel
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-60728
Microsoft Excel
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Information Disclosure
CVE-2025-62206
Microsoft Dynamics 365 (On-Premises)
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Information Disclosure
CVE-2025-62210
Dynamics 365 Field Service (online)
Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Spoofing
CVE-2025-62216
Microsoft Office
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-60719
Windows Ancillary Function Driver for WinSock
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60722
Microsoft OneDrive for Android
Improper limitation of a pathname to a restricted directory (‘path traversal’) in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
Elevation of Privilege
CVE-2025-62217
Windows Ancillary Function Driver for WinSock
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-62218
Microsoft Wireless Provisioning System
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-62219
Microsoft Wireless Provisioning System
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-62220
Windows Subsystem for Linux GUI
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
Remote Code Execution
CVE-2025-62452
Windows Routing and Remote Access Service (RRAS)
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Remote Code Execution
CVE-2025-59240
Microsoft Excel
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Information Disclosure
CVE-2025-47179
Configuration Manager
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59514
Microsoft Streaming Service Proxy
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-59515
Windows Broadcast DVR User Service
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60713
Windows Routing and Remote Access Service (RRAS)
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60714
Windows OLE
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-60715
Windows Routing and Remote Access Service (RRAS)
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Remote Code Execution
CVE-2025-60717
Windows Broadcast DVR User Service
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60718
Windows Administrator Protection
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60720
Windows Transport Driver Interface (TDI) Translation Driver
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-60723
DirectX Graphics Kernel
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to deny service over a network.
Denial of Service
CVE-2025-62200
Microsoft Excel
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-62201
Microsoft Excel
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-62202
Microsoft Excel
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Information Disclosure
CVE-2025-62203
Microsoft Excel
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-62204
Microsoft SharePoint
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Remote Code Execution
CVE-2025-62205
Microsoft Office
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Remote Code Execution
CVE-2025-62208
Windows License Manager
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Information Disclosure
CVE-2025-62209
Windows License Manager
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Information Disclosure
CVE-2025-59499
Microsoft SQL Server
Improper neutralization of special elements used in an SQL command (‘SQL injection’) in SQL Server allows an authorized attacker to elevate privileges over a network.
Elevation of Privilege
CVE-2025-62211
Dynamics 365 Field Service (online)
Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Spoofing
CVE-2025-62215
Windows Kernel
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally. (Zero-day, exploited)
Elevation of Privilege
CVE-2025-62213
Windows Ancillary Function Driver for WinSock
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-62222
Agentic AI and Visual Studio Code
Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
Remote Code Execution
CVE-2025-62449
Microsoft Visual Studio Code CoPilot Chat Extension
Improper limitation of a pathname to a restricted directory (‘path traversal’) in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
Security Feature Bypass
CVE-2025-60721
Windows Administrator Protection
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
Elevation of Privilege
CVE-2025-62453
GitHub Copilot and Visual Studio Code
Improper validation of generative AI output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.