Microsoft Office Remote Code Execution Vulnerability
Critical
Remote Code Execution
Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62557
Microsoft Office Remote Code Execution Vulnerability
Critical
Remote Code Execution
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62454
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62456
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Important
Remote Code Execution
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
CVE-2025-62457
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62458
Win32k Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Heap-based buffer overflow in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-62466
Windows Client-Side Caching Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2025-62469
Microsoft Brokering File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62470
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62472
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-62473
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Information Disclosure
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-62549
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Important
Remote Code Execution
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-62561
Microsoft Excel Remote Code Execution Vulnerability
Important
Remote Code Execution
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62562
Microsoft Outlook Remote Code Execution Vulnerability
Important
Remote Code Execution
Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
CVE-2025-62563
Microsoft Excel Remote Code Execution Vulnerability
Important
Remote Code Execution
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62564
Microsoft Excel Remote Code Execution Vulnerability
Important
Remote Code Execution
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62571
Windows Installer Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-62572
Application Information Service Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVE-2025-62573
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-64658
Windows File Explorer Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-64667
Microsoft Exchange Server Spoofing Vulnerability
Important
Spoofing
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64666
Microsoft Exchange Server Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-64670
Windows DirectX Information Disclosure Vulnerability
Important
Information Disclosure
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.
CVE-2025-64673
Windows Storage VSP Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59516
Windows Storage VSP Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59517
Windows Storage VSP Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62455
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2025-62461
Windows Projected File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62463
DirectX Graphics Kernel Denial of Service Vulnerability
Important
Denial of Service
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.
CVE-2025-62462
Windows Projected File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62464
Windows Projected File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62465
DirectX Graphics Kernel Denial of Service Vulnerability
Important
Denial of Service
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.
CVE-2025-55233
Windows Projected File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62467
Windows Projected File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62468
Windows Defender Firewall Service Information Disclosure Vulnerability
Important
Information Disclosure
Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.
CVE-2025-62474
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
CVE-2025-62552
Microsoft Access Remote Code Execution Vulnerability
Important
Remote Code Execution
Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.
CVE-2025-62553
Microsoft Excel Remote Code Execution Vulnerability
Important
Remote Code Execution
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62555
Microsoft Word Remote Code Execution Vulnerability
Important
Remote Code Execution
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62556
Microsoft Excel Remote Code Execution Vulnerability
Important
Remote Code Execution
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62558
Microsoft Word Remote Code Execution Vulnerability
Important
Remote Code Execution
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62559
Microsoft Word Remote Code Execution Vulnerability
Important
Remote Code Execution
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62560
Microsoft Excel Remote Code Execution Vulnerability
Important
Remote Code Execution
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62567
Windows Hyper-V Denial of Service Vulnerability
Important
Denial of Service
Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.
CVE-2025-62569
Microsoft Brokering File System Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62570
Windows Camera Frame Server Monitor Information Disclosure Vulnerability
Important
Information Disclosure
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
CVE-2025-62565
Windows File Explorer Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-64661
Windows Shell Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-64671
GitHub Copilot for Jetbrains Remote Code Execution Vulnerability
Important
Remote Code Execution
Improper neutralization of special elements used in a command (‘command injection’) in Copilot allows an unauthorized attacker to execute code locally.
CVE-2025-64672
Microsoft SharePoint Server Spoofing Vulnerability
Important
Spoofing
Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2025-64678
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Important
Remote Code Execution
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-64679
Windows DWM Core Library Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64680
Windows DWM Core Library Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-54100
PowerShell Remote Code Execution Vulnerability
Important
Remote Code Execution
Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.
CVE-2025-62221
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Important
Elevation of Privilege
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
