CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59218
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit. Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033
CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Affected software updated with new package information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58724
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Corrected security updates table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033
CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability
Updated acknowledgment.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59227
CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability
Updated acknowledgment. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59233
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53784
CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740
CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53739
CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53738
CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53737
CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53736
CVE-2025-53735 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53735
CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53733
CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53731
CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53761
CVE-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53760
CVE-2025-53759 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53759
CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53741
Chromium: CVE-2025-11756 Use after free in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11756