MSRC Reports
@msrcreports
61 subscribers
2.93K links
Microsoft Security Response Center Reports
(Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
Download Telegram
About
Blog
Apps
Platform
Join
MSRC Reports
61 subscribers
MSRC Reports
CVE-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability

Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
36 views
MSRC Reports
CVE-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967
33 views
MSRC Reports
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability

Updated one or more CVSS scores for the affected products. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
34 views
MSRC Reports
CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220
31 views
MSRC Reports
CVE-2025-59216 Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59216
31 views
MSRC Reports
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability

The CVSS score for this vulnerability has been updated to reflect a change in the **Attack Complexity** metric from **High** to **Low**.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
30 views
MSRC Reports
CVE-2025-59215 Windows Graphics Component Elevation of Privilege Vulnerability

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215
34 views
MSRC Reports
Chromium: CVE-2025-10500 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10500
33 views
MSRC Reports
Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10502
40 views
MSRC Reports
Chromium: CVE-2025-10585 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-10585 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585
48 views
MSRC Reports
Chromium: CVE-2025-10501 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10501
47 views
MSRC Reports
CVE-2025-55322 OmniParser Remote Code Execution Vulnerability

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55322
34 views
MSRC Reports
CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232
33 views
MSRC Reports
CVE-2025-59251 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59251
34 views
MSRC Reports
Chromium: CVE-2025-10892 Integer overflow in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10892
38 views
MSRC Reports
Chromium: CVE-2025-10891 Integer overflow in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10891
42 views
MSRC Reports
Chromium: CVE-2025-10890 Side-channel information leakage in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10890
43 views
MSRC Reports
CVE-2025-53132 Win32k Elevation of Privilege Vulnerability

Updated information to include CVSS scores. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53132
30 views
MSRC Reports
Chromium: CVE-2025-11212 Inappropriate implementation in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11212
28 views
MSRC Reports
Chromium: CVE-2025-11219 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11219
29 views
MSRC Reports
Chromium: CVE-2025-11206 Heap buffer overflow in Video

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11206
25 views