Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12728
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12728
Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12729
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12729
Chromium: CVE-2025-13042 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13042
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13042
Chromium: CVE-2025-13223 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13223
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13223
Chromium: CVE-2025-13224 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13224
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13224
CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209
Updated the build numbers. This is an informational update only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209
CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208
Updated the build numbers. This is an informational update only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208
CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54099
Acknowledgement added. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54099
CVE-2025-64657 Azure Application Gateway Elevation of Privilege Vulnerability
Stack-based buffer overflow in Software for Open Networking in the Cloud (SONiC) allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657
Stack-based buffer overflow in Software for Open Networking in the Cloud (SONiC) allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657
CVE-2025-62459 Microsoft Defender Portal Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459
CVE-2025-64660 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660
CVE-2025-62207 Azure Monitor Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62207
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62207
CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49752
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49752
CVE-2025-59245 Microsoft SharePoint Online Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59245
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59245
CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64655
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64655
CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64656
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64656
CVE-2025-54114 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Updated Security Impact values. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54114
Updated Security Impact values. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54114
CVE-2025-59286 Copilot Spoofing Vulnerability
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59286
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59286
CVE-2025-59272 Copilot Spoofing Vulnerability
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59272
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59272
CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59252
Updated information to include CVSS scores. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59252
CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24735
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24735