CVE-2025-53771 Microsoft SharePoint Server Spoofing Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771
CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706
CVE-2022-44693 Microsoft SharePoint Server Remote Code Execution Vulnerability
Updated the build numbers. This is an informational update only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693
Updated the build numbers. This is an informational update only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693
CVE-2025-29819 Windows Admin Center in Azure Portal Information Disclosure Vulnerability
Updated acknowledgment. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819
Updated acknowledgment. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819
Chromium: CVE-2025-8010 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8010
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8010
Chromium: CVE-2025-8011 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8011
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8011
Chromium: CVE-2025-8292 Use after free in Media Stream
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8292
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8292
CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
On April 18th 2025, Microsoft announced [Exchange Server Security Changes for Hybrid Deployments](https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833) and accompanying non-security [Hot Fix](https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471). Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
On April 18th 2025, Microsoft announced [Exchange Server Security Changes for Hybrid Deployments](https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833) and accompanying non-security [Hot Fix](https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471). Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53787
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53787
CVE-2025-53774 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53774
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53774
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53767
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53767
CVE-2025-53792 Azure Portal Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53792
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53792
Chromium: CVE-2025-8577 Inappropriate implementation in Picture In Picture
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8577
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8577
Chromium: CVE-2025-8579 Inappropriate implementation in Gemini Live in Chrome
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8579
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8579
Chromium: CVE-2025-8583 Inappropriate implementation in Permissions
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8583
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8583
Chromium: CVE-2025-8576 Use after free in Extensions
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8576
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8576
Chromium: CVE-2025-8578 Use after free in Cast
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8578
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8578
Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8580
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8580
Chromium: CVE-2025-8581 Inappropriate implementation in Extensions
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8581
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8581
Chromium: CVE-2025-8582 Insufficient validation of untrusted input in DOM
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8582
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8582
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954