CVE-2025-53132 Win32k Elevation of Privilege Vulnerability
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53132
Chromium: CVE-2025-11212 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11212
Chromium: CVE-2025-11219 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11219
Chromium: CVE-2025-11206 Heap buffer overflow in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11206
Chromium: CVE-2025-11208 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11208
Chromium: CVE-2025-11207 Side-channel information leakage in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11207
Chromium: CVE-2025-11210 Side-channel information leakage in Tab
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11210
Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11213
Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11205
Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11209
Chromium: CVE-2025-11211 Out of bounds read in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11211
Chromium: CVE-2025-11216 Inappropriate implementation in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11216
Chromium: CVE-2025-11215 Off by one error in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11215
CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
[Unity](https://unity.com) announced a security vulnerability (CVE-2025-59489) that is affecting games or applications built with the Unity Gaming Engine Editor (version 2017.1 or later). You may be using a Microsoft app or playing a Microsoft game that should be uninstalled until an update is available. We are working to update games and applications that are potentially affected by this Unity vulnerability.

In most cases, you can stay safe by ensuring your games and applications are up to date and Microsoft Defender is running on your device.

If you have downloaded a vulnerable game or app (see list below) on one of the following platforms, you could be at risk:

* Android
* Windows
* Linux (Desktop)
* Linux (embedded)
* MacOS

We have confirmed the following are not impacted:

* Xbox consoles
* Xbox Cloud Gaming
* iOS
* HoloLens

**Recommended Next Steps:**

**For Developers**: Unity has made a fix available to developers. Organizations who believe that they have an app or game that might be impacted should reference Unity guidance and update their apps/games as soon as possible. You can learn more from Unity here.

**For Players and Customers**: Microsoft security and game development teams are working to update any game or application that is potentially affected by this Unity vulnerability.

If a Microsoft-owned game or application is not listed and you have installed all available updates, no further action is required. For customers who have automatic updates enabled, fixes will be deployed as they become available. If you have automatic updates turned off, please check to see if you have any updates available for your downloaded apps and games and install the latest update on your device.

Customers who have an impacted app or game installed (see below list) are encouraged to take these steps:

* Temporarily uninstall any impacted Microsoft apps or games until an update is available. For more guidance on how to uninstall, please see the FAQs below.
* Use an up-to-date version of Microsoft Defender to detect and block attempts to exploit this vulnerability.
* Follow guidance from Unity or your platform provider.
* Microsoft-owned games and apps affected by this vulnerability and their requisite updates are documented in the Security Updates Table.

**For Microsoft Mesh Apps Users**

In response to this CVE that is affecting applications built with the Unity Gaming Engine Editor (version 2017.1 or later), Microsoft has released a required security update for the Microsoft Mesh PC applications. We strongly encourage all users with the Microsoft Mesh apps installed on their devices to promptly update to the latest version of these apps, version 5.2513.3.0 or greater. If you have automatic updates enabled for these apps on all devices, no further action is required. While we do not expect this to affect the functionality of any previously-scheduled events in Microsoft Mesh, use of the immersive spaces in Microsoft Teams meetings, or immersive events in Microsoft Teams, users will be required to update the Mesh PC apps before joining newly scheduled events in Mesh. We are informing you of this now so that you can mitigate any disruptions this may introduce to your events.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59489
CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability
Corrected Article links in the Security Updates table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038
Chromium: CVE-2025-11458 Heap buffer overflow in Sync
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11458
Chromium: CVE-2025-11460 Use after free in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11460
CVE-2025-59286 Copilot Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59286
CVE-2025-59272 Copilot Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59272
CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59271
CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59252