MSRC Reports
@msrcreports
61 subscribers
2.98K links
Microsoft Security Response Center Reports
(Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
Download Telegram
About
Blog
Apps
Platform
Join
MSRC Reports
61 subscribers
MSRC Reports
Chromium: CVE-2025-5419 Out of bounds read and write in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-5419 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419
32 views
MSRC Reports
Chromium: CVE-2025-5068 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5068
32 views
MSRC Reports
CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability

Added an FAQ to explain the remediation steps customers need to take to be protected from CVE-2025-21204. This includes a link to a script to aid in completing the remediation steps. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204
37 views
MSRC Reports
CVE-2025-47966 Power Automate Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47966
42 views
MSRC Reports
CVE-2025-33073 Windows SMB Client Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073
30 views
MSRC Reports
CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711
28 views
MSRC Reports
CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability

Updated acknowledgment. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47172
32 views
MSRC Reports
CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28923
32 views
MSRC Reports
Chromium: CVE-2025-5958 Use after free in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5958
43 views
MSRC Reports
Chromium: CVE-2025-5959 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5959
50 views
MSRC Reports
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability

In the Security Updates Table, added Microsoft Visual Studio CoPilot Chat Extension as it is also affected by this vulnerability. Microsoft recommends that customers install the update to be fully protected from the vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264
43 views
MSRC Reports
CVE-2025-33053 Internet Shortcut Files Remote Code Execution Vulnerability

Corrected the CVE description and title. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
37 views
MSRC Reports
CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47963
27 views
MSRC Reports
Chromium: CVE-2025-6557 Insufficient data validation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6557
29 views
MSRC Reports
Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6556
27 views
MSRC Reports
CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47964
33 views
MSRC Reports
Chromium: CVE-2025-6555 Use after free in Animation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6555
35 views
MSRC Reports
CVE-2025-47182 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47182
37 views
MSRC Reports
Chromium: CVE-2025-6554 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554
28 views
MSRC Reports
CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741
31 views
MSRC Reports
CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713
34 views