MSRC Reports
Microsoft Security Response Center Reports (Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64656
CVE-2025-54114 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Updated Security Impact values. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54114
CVE-2025-59286 Copilot Spoofing Vulnerability

Updated information to include CVSS scores. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59286
CVE-2025-59272 Copilot Spoofing Vulnerability

Updated information to include CVSS scores. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59272
CVE-2025-59252 M365 Copilot Spoofing Vulnerability

Updated information to include CVSS scores. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59252
CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24735
CVE-2022-24736 A Malformed Lua script can crash Redis

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24736
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183
CVE-2025-11494 GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11494
CVE-2025-38597 drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38597
CVE-2025-38615 fs/ntfs3: cancle set bad inode after removing name fails

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38615
CVE-2025-38643 wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38643
CVE-2025-38626 f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38626
CVE-2025-38659 gfs2: No more self recovery

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38659
CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638
CVE-2025-66221 Werkzeug safe_join() allows Windows special device names

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221
CVE-2025-64506 LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506
CVE-2025-64505 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505
CVE-2025-12889 TLS 1.2 Client Can Downgrade Digest Used

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12889
CVE-2025-11936 Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11936
CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915