CVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55319
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55319
CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54901
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54901
CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54900
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54900
CVE-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
CVE-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220
CVE-2025-59216 Windows Graphics Component Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59216
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59216
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability
The CVSS score for this vulnerability has been updated to reflect a change in the **Attack Complexity** metric from **High** to **Low**.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
The CVSS score for this vulnerability has been updated to reflect a change in the **Attack Complexity** metric from **High** to **Low**.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
CVE-2025-59215 Windows Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215
Chromium: CVE-2025-10500 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10500
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10500
Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10502
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10502
Chromium: CVE-2025-10585 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-10585 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-10585 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585
Chromium: CVE-2025-10501 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10501
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10501
CVE-2025-55322 OmniParser Remote Code Execution Vulnerability
Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55322
Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55322
CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232
CVE-2025-59251 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59251
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59251
Chromium: CVE-2025-10892 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10892
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10892
Chromium: CVE-2025-10891 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10891
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10891
Chromium: CVE-2025-10890 Side-channel information leakage in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10890
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10890