CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54914
CVE-2025-55242 Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55242
CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55244
CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53791
Chromium: CVE-2025-9864 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9864
Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9865
Chromium: CVE-2025-9866 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9866
Chromium: CVE-2025-9867 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9867
Chromium: CVE-2025-10200 Use after free in Serviceworker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10200
Chromium: CVE-2025-10201 Inappropriate implementation in Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10201
CVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55319
CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54901
CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54900
CVE-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
CVE-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220
CVE-2025-59216 Windows Graphics Component Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59216
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability
The CVSS score for this vulnerability has been updated to reflect a change in the **Attack Complexity** metric from **High** to **Low**.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
CVE-2025-59215 Windows Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215