Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

CVE Issued by | Tag | CVE ID | CVE Title
Microsoft | Azure - Networking | CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability
Microsoft | Azure Arc | CVE-2025-55316 | Azure Arc Elevation of Privilege Vulnerability
Microsoft | Azure Bot Service | CVE-2025-55244 | Azure Bot Service Elevation of Privilege Vulnerability
Microsoft | Azure Entra | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability
Microsoft | Azure Windows Virtual Machine Agent | CVE-2025-49692 | Azure Connected Machine Agent Elevation of Privilege Vulnerability
Microsoft | Capability Access Management Service (camsvc) | CVE-2025-54108 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Microsoft | Dynamics 365 FastTrack Implementation Assets | CVE-2025-55238 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Microsoft | Graphics Kernel | CVE-2025-55236 | Graphics Kernel Remote Code Execution Vulnerability
Microsoft | Graphics Kernel | CVE-2025-55223 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft | Graphics Kernel | CVE-2025-55226 | Graphics Kernel Remote Code Execution Vulnerability
Linux | Mariner | CVE-2025-38705 | drm/amd/pm: fix null pointer access
Linux | Mariner | CVE-2025-38679 | media: venus: Fix OOB read due to missing payload bound check
Linux | Mariner | CVE-2025-38699 | scsi: bfa: Double-free fix
Linux | Mariner | CVE-2025-38724 | nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Linux | Mariner | CVE-2025-38687 | comedi: fix race between polling and detaching
Linux | Mariner | CVE-2025-38702 | fbdev: fix potential buffer overflow in do_register_framebuffer()
Linux | Mariner | CVE-2025-38725 | net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Linux | Mariner | CVE-2025-38717 | net: kcm: Fix race condition in kcm_unattach()
Linux | Mariner | CVE-2025-38704 | rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
Linux | Mariner | CVE-2025-38701 | ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Linux | Mariner | CVE-2025-38706 | ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Linux | Mariner | CVE-2025-38692 | exfat: add cluster chain loop check for dir
Linux | Mariner | CVE-2025-38721 | netfilter: ctnetlink: fix refcount leak on table dump
Linux | Mariner | CVE-2025-38712 | hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Linux | Mariner | CVE-2025-38711 | smb/server: avoid deadlock when linking with ReplaceIfExists
Linux | Mariner | CVE-2025-38722 | habanalabs: fix UAF in export_dmabuf()
Linux | Mariner | CVE-2025-38703 | drm/xe: Make dma-fences compliant with the safe access rules
Linux | Mariner | CVE-2025-38696 | MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Linux | Mariner | CVE-2025-38685 | fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Linux | Mariner | CVE-2025-38691 | pNFS: Fix uninited ptr deref in block/scsi layout
Linux | Mariner | CVE-2025-38680 | media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Linux | Mariner | CVE-2025-38729 | ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Linux | Mariner | CVE-2025-38723 | LoongArch: BPF: Fix jump offset calculation in tailcall
Linux | Mariner | CVE-2025-39730 | NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
Linux | Mariner | CVE-2025-39732 | wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
redhat | Mariner | CVE-2025-7039 | Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()
Linux | Mariner | CVE-2025-38718 | sctp: linearize cloned gso packets in sctp_rcv
Linux | Mariner | CVE-2025-38688 | iommufd: Prevent ALIGN() overflow
Linux | Mariner | CVE-2025-38710 | gfs2: Validate i_depth for exhash directories
Linux | Mariner | CVE-2025-38714 | hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
Linux | Mariner | CVE-2025-38730 | io_uring/net: commit partial buffers on retry
Linux | Mariner | CVE-2025-38697 | jfs: upper bound check of tree index in dbAllocAG
Linux | Mariner | CVE-2025-38716 | hfs: fix general protection fault in hfs_find_init()
Linux | Mariner | CVE-2025-38684 | net/sched: ets: use old 'nbands' while purging unused classes
Linux | Mariner | CVE-2025-38715 | hfs: fix slab-out-of-bounds in hfs_bnode_read()
Linux | Mariner | CVE-2025-38681 | mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Linux | Mariner | CVE-2025-38709 | loop: Avoid updating block size under exclusive owner
Linux | Mariner | CVE-2025-38695 | scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Linux | Mariner | CVE-2025-38708 | drbd: add missing kref_get in handle_write_conflicts
Linux | Mariner | CVE-2025-38698 | jfs: Regular file corruption check
Linux | Mariner | CVE-2025-38713 | hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Linux | Mariner | CVE-2025-39673 | ppp: fix race conditions in ppp_fill_forward_path
Linux | Mariner | CVE-2025-39715 | parisc: Revise gateway LWS calls to probe user read access
Linux | Mariner | CVE-2025-39675 | drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Linux | Mariner | CVE-2025-38732 | netfilter: nf_reject: don't leak dst refcount for loopback packets
Linux | Mariner | CVE-2025-39716 | parisc: Revise __get_user() to probe user read access
Linux | Mariner | CVE-2025-39682 | tls: fix handling of zero-length records on the rx_list
Linux | Mariner | CVE-2025-39706 | drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Linux | Mariner | CVE-2025-39677 | net/sched: Fix backlog accounting in qdisc_dequeue_internal
Linux | Mariner | CVE-2025-39707 | drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Linux | Mariner | CVE-2025-39701 | ACPI: pfr_update: Fix the driver update version check
Linux | Mariner | CVE-2025-38734 | net/smc: fix UAF on smcsk after smc_listen_out()
Linux | Mariner | CVE-2025-38736 | net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Linux | Mariner | CVE-2025-39683 | tracing: Limit access to parser->buffer when trace_get_user failed
Linux | Mariner | CVE-2025-39681 | x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
redhat | Mariner | CVE-2025-9566 | Podman: podman kube play command may overwrite host files
mitre | Mariner | CVE-2025-57052 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
Linux | Mariner | CVE-2025-39676 | scsi: qla4xxx: Prevent a potential error pointer dereference
Linux | Mariner | CVE-2025-39719 | iio: imu: bno055: fix OOB access of hw_xlate array
Linux | Mariner | CVE-2025-39691 | fs/buffer: fix use-after-free when call bh_read() helper
Linux | Mariner | CVE-2025-39714 | media: usbtv: Lock resolution while streaming
Linux | Mariner | CVE-2025-39679 | drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
Linux | Mariner | CVE-2025-39713 | media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Linux | Mariner | CVE-2025-39702 | ipv6: sr: Fix MAC comparison to be constant-time
Linux | Mariner | CVE-2025-39686 | comedi: Make insn_rw_emulate_bits() do insn->n samples
Linux | Mariner | CVE-2025-39710 | media: venus: Add a check for packet size after reading from shared memory
Linux | Mariner | CVE-2025-38735 | gve: prevent ethtool ops after shutdown
Linux | Mariner | CVE-2025-39718 | vsock/virtio: Validate length in packet header before skb_put()
Linux | Mariner | CVE-2025-39685 | comedi: pcl726: Prevent invalid irq number
Linux | Mariner | CVE-2025-39703 | net, hsr: reject HSR frame if skb can't hold tag
Linux | Mariner | CVE-2025-38700 | scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Linux | Mariner | CVE-2025-39697 | NFS: Fix a race when updating an existing write
Linux | Mariner | CVE-2025-39726 | s390/ism: fix concurrency management in ism_cmd()
Linux | Mariner | CVE-2025-39709 | media: venus: protect against spurious interrupts during probe
Linux | Mariner | CVE-2025-39687 | iio: light: as73211: Ensure buffer holes are zeroed
Linux | Mariner | CVE-2025-39721 | crypto: qat - flush misc workqueue during device shutdown
Linux | Mariner | CVE-2025-39694 | s390/sclp: Fix SCCB present check
Linux | Mariner | CVE-2025-39705 | drm/amd/display: fix a Null pointer dereference vulnerability
Linux | Mariner | CVE-2025-39693 | drm/amd/display: Avoid a NULL pointer dereference
Linux | Mariner | CVE-2025-39711 | media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
Linux | Mariner | CVE-2025-39692 | smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
Linux | Mariner | CVE-2025-39684 | comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Linux | Mariner | CVE-2025-39724 | serial: 8250: fix panic due to PSLVERR
Linux | Mariner | CVE-2025-39720 | ksmbd: fix refcount leak causing resource not released
Linux | Mariner | CVE-2025-39689 | ftrace: Also allocate and copy hash for reading of filter files
Linux | Mariner | CVE-2025-38678 | netfilter: nf_tables: reject duplicate device on updates
redhat | Mariner | CVE-2025-9901 | Libsoup: improper handling of http vary header in libsoup caching
Linux | Mariner | CVE-2025-38707 | fs/ntfs3: Add sanity check for file name
Linux | Mariner | CVE-2025-39731 | f2fs: vm_unmap_ram() may be called from an invalid context
Linux | Mariner | CVE-2025-38728 | smb3: fix for slab out of bounds on mount to ksmbd
Microsoft | Microsoft AutoUpdate (MAU) | CVE-2025-55317 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Microsoft | Microsoft Brokering File System | CVE-2025-54105 | Microsoft Brokering File System Elevation of Privilege Vulnerability
Chrome | Microsoft Edge (Chromium-based) | CVE-2025-9866 | Chromium: CVE-2025-9866 Inappropriate implementation in Extensions
Chrome | Microsoft Edge (Chromium-based) | CVE-2025-9867 | Chromium: CVE-2025-9867 Inappropriate implementation in Downloads
Microsoft | Microsoft Edge (Chromium-based) | CVE-2025-53791 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Chrome | Microsoft Edge (Chromium-based) | CVE-2025-9864 | Chromium: CVE-2025-9864 Use after free in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2025-9865 | Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar
Microsoft | Microsoft Graphics Component | CVE-2025-53807 | Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft | Microsoft Graphics Component | CVE-2025-53800 | Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft | Microsoft High Performance Compute Pack (HPC) | CVE-2025-55232 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Microsoft | Microsoft Office | CVE-2025-54910 | Microsoft Office Remote Code Execution Vulnerability
Microsoft | Microsoft Office | CVE-2025-55243 | Microsoft OfficePlus Spoofing Vulnerability
Microsoft | Microsoft Office | CVE-2025-54906 | Microsoft Office Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54902 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54899 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54904 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54903 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54898 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54896 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54900 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft | Microsoft Office Excel | CVE-2025-54901 | Microsoft Excel Information Disclosure Vulnerability
Microsoft | Microsoft Office PowerPoint | CVE-2025-54908 | Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft | Microsoft Office SharePoint | CVE-2025-54897 | Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft | Microsoft Office Visio | CVE-2025-54907 | Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft | Microsoft Office Word | CVE-2025-54905 | Microsoft Word Information Disclosure Vulnerability
Microsoft | Microsoft Virtual Hard Drive | CVE-2025-54112 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Microsoft | Role: Windows Hyper-V | CVE-2025-54092 | Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft | Role: Windows Hyper-V | CVE-2025-54091 | Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft | Role: Windows Hyper-V | CVE-2025-54115 | Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft | Role: Windows Hyper-V | CVE-2025-54098 | Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft | SQL Server | CVE-2025-47997 | Microsoft SQL Server Information Disclosure Vulnerability
Microsoft | SQL Server | CVE-2025-55227 | Microsoft SQL Server Elevation of Privilege Vulnerability
VulnCheck | SQL Server | CVE-2024-21907 | VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
Microsoft | Windows Ancillary Function Driver for WinSock | CVE-2025-54099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Microsoft | Windows BitLocker | CVE-2025-54911 | Windows BitLocker Elevation of Privilege Vulnerability
Microsoft | Windows BitLocker | CVE-2025-54912 | Windows BitLocker Elevation of Privilege Vulnerability
Microsoft | Windows Bluetooth Service | CVE-2025-53802 | Windows Bluetooth Service Elevation of Privilege Vulnerability
Microsoft | Windows Connected Devices Platform Service | CVE-2025-54102 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Microsoft | Windows Connected Devices Platform Service | CVE-2025-54114 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Microsoft | Windows Defender Firewall Service | CVE-2025-53810 | Windows Defender Firewall Service Elevation of Privilege Vulnerability
Microsoft | Windows Defender Firewall Service | CVE-2025-53808 | Windows Defender Firewall Service Elevation of Privilege Vulnerability
Microsoft | Windows Defender Firewall Service | CVE-2025-54094 | Windows Defender Firewall Service Elevation of Privilege Vulnerability
Microsoft | Windows Defender Firewall Service | CVE-2025-54915 | Windows Defender Firewall Service Elevation of Privilege Vulnerability
Microsoft | Windows Defender Firewall Service | CVE-2025-54109 | Windows Defender Firewall Service Elevation of Privilege Vulnerability
Microsoft | Windows Defender Firewall Service | CVE-2025-54104 | Windows Defender Firewall Service Elevation of Privilege Vulnerability
Microsoft | Windows DWM | CVE-2025-53801 | Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft | Windows Imaging Component | CVE-2025-53799 | Windows Imaging Component Information Disclosure Vulnerability
Microsoft | Windows Internet Information Services | CVE-2025-53805 | HTTP.sys Denial of Service Vulnerability
Microsoft | Windows Kernel | CVE-2025-53803 | Windows Kernel Memory Information Disclosure Vulnerability
Microsoft | Windows Kernel | CVE-2025-53804 | Windows Kernel-Mode Driver Information Disclosure Vulnerability
Microsoft | Windows Kernel | CVE-2025-54110 | Windows Kernel Elevation of Privilege Vulnerability
Microsoft | Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-54894 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Microsoft | Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53809 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Microsoft | Windows Management Services | CVE-2025-54103 | Windows Management Service Elevation of Privilege Vulnerability
Microsoft | Windows MapUrlToZone | CVE-2025-54107 | MapUrlToZone Security Feature Bypass Vulnerability
Microsoft | Windows MapUrlToZone | CVE-2025-54917 | MapUrlToZone Security Feature Bypass Vulnerability
Microsoft | Windows MultiPoint Services | CVE-2025-54116 | Windows MultiPoint Services Elevation of Privilege Vulnerability
Microsoft | Windows NTFS | CVE-2025-54916 | Windows NTFS Remote Code Execution Vulnerability
Microsoft | Windows NTLM | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability
Microsoft | Windows PowerShell | CVE-2025-49734 | PowerShell Direct Elevation of Privilege Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-54095 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-54096 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-53797 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-53796 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-54097 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-53798 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-54113 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-55225 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2025-53806 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft | Windows SMB | CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability
Microsoft | Windows SMBv3 Client | CVE-2025-54101 | Windows SMB Client Remote Code Execution Vulnerability
Microsoft | Windows SPNEGO Extended Negotiation | CVE-2025-54895 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability
Microsoft | Windows TCP/IP | CVE-2025-54093 | Windows TCP/IP Driver Elevation of Privilege Vulnerability
Microsoft | Windows UI XAML Maps MapControlSettings | CVE-2025-54913 | Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
Microsoft | Windows UI XAML Phone DatePickerFlyout | CVE-2025-54111 | Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability
Microsoft | Windows Win32K - GRFX | CVE-2025-55224 | Windows Hyper-V Remote Code Execution Vulnerability
Microsoft | Windows Win32K - GRFX | CVE-2025-55228 | Windows Graphics Component Remote Code Execution Vulnerability
Microsoft | Windows Win32K - GRFX | CVE-2025-54919 | Windows Graphics Component Remote Code Execution Vulnerability
Microsoft | Xbox | CVE-2025-55242 | Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
Microsoft | XBox Gaming Services | CVE-2025-55245 | Xbox Gaming Services Elevation of Privilege Vulnerability

CVE-2025-49734 - PowerShell Direct Elevation of Privilege Vulnerability

CVE ID: CVE-2025-49734 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: PowerShell Direct Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker, initially a non-admin user on the host, could hijack the PowerShell Direct session intended for communication between the admin user on host and a guest VM. This unauthorized access enables the attacker to impersonate the admin host user in communications with the guest, potentially manipulating or controlling guest-side operations.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Why am I getting login failure events on my unpatched guest VM?

To ensure compatibility with unpatched guests, the new client attempts a login. This will produce an event in the Security event log with event ID 4625. The username will be ?‹PSDirectVMLegacy> and the domain will be 䕖卒佉N.

This event should stop when you patch your guest.

Note: The ?‹PSDirectVMLegacy> and 䕖卒佉N text is verbatim - this is what the user sees.


Where can I find information about additional mitigation steps?

There is an edge case affecting hotpatched devices that have installed the September 2025 updates. These devices may experience failures with PowerShell Direct (PSDirect) connections when the host and guest virtual machines (VMs) are both not fully updated.

If your hotpatched device is experiencing issues with PSDirect connections, we recommend updating both the host and the guest VM with these updates.

Additional information can be found in the Knowledge Base articles below.

KB Article | Product
5065306 | Windows Server 2022 Hotpatch
5065426 | Windows 11, version 24H2
5065432 | Windows Server 2022
5065474 | Windows Server 2025 Hotpatch
5066359 | PowerShell
5066360 | PowerShell

Mitigations: None
Workarounds: None
Revision: 1.0 | 09-Sep-25 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-49734
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-49734 | QWangWang


CVE-2025-53797 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-53797 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


Mitigations: None
Workarounds: None
Revision: 1.0 | 09-Sep-25 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53797
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Information Disclosure 5063878

5064010
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Information Disclosure 5063878

5064010
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53797 | Anonymous


CVE-2025-53798 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-53798 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53798
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53798 | Anonymous


CVE-2025-54095 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-54095 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54095
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54095 | Anonymous


CVE-2025-54096 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-54096 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54096
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54096 | Anonymous


CVE-2025-54097 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-54097 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54097
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54097 | Anonymous


CVE-2025-54099 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54099 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54099
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54099 | Angelboy (@scwuaptx) with DEVCORE


CVE-2025-54101 - Windows SMB Client Remote Code Execution Vulnerability

CVE ID: CVE-2025-54101 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows SMB Client Remote Code Execution Vulnerability
CVSS: 3.1 Highest Base Score: 4.8 / Temporal Score: 4.2
Base score metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54101
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Remote Code Execution | 5063889 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Remote Code Execution | 5063889 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Remote Code Execution | 5063709 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Remote Code Execution | 5063709 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Remote Code Execution | 5063709 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Remote Code Execution | 5063709 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Remote Code Execution | 5063709 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Remote Code Execution | 5063709 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Remote Code Execution | 5063875 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Remote Code Execution | 5063875 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Remote Code Execution | 5063875 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Remote Code Execution | 5063875 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Remote Code Execution | 5063906 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Remote Code Execution | 5063906 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Remote Code Execution | 5063950 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Remote Code Execution | 5063950 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063880; 5063812 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063880; 5063812 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Remote Code Execution | 5063899 | Base: 4.8, Temporal: 4.2, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54101 | Anonymous


CVE-2025-54102 - Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54102 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVSS: 3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54102
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.8, Temporal: 6.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54102 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute


CVE-2025-54106 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE ID: CVE-2025-54106 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: 3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54106
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Remote Code Execution | 5063950 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Remote Code Execution | 5063950 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063880; 5063812 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063880; 5063812 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Remote Code Execution | 5063899 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063878; 5064010 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063878; 5064010 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54106 | Anonymous


CVE-2025-54110 - Windows Kernel Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54110 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: 3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by sending specially crafted input from a sandboxed user-mode process to trigger an integer overflow, resulting in a buffer overflow in the kernel and enabling privilege escalation or sandbox escape.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54110
Common to every row below: Severity Important; Impact Elevation of Privilege; CVSS Base 8.8 / Temporal 7.7; Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C; Restart Required Yes; Known Issue None. Products served by both a Security Update and a SecurityHotpatchUpdate are listed once per update, since each has its own supersedence and fixed build; note that the hotpatch fixed build is lower than the Security Update fixed build.

Product | KB Article | Supersedence | Fixed Build
Windows 10 for 32-bit Systems | 5065430 (Security Update) | 5063889 | 10.0.10240.21128
Windows 10 for x64-based Systems | 5065430 (Security Update) | 5063889 | 10.0.10240.21128
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22621.5909
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22621.5909
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22631.5909
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22631.5909
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows 11 Version 24H2 for ARM64-based Systems | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows 11 Version 24H2 for x64-based Systems | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup), 5065510 (Security Only) | 5063947 | 6.1.7601.27929
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup), 5065510 (Security Only) | 5063947 | 6.1.7601.27929
Windows Server 2012 | 5065509 (Monthly Rollup) | 5063906 | 6.2.9200.25675
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | 5063906 | 6.2.9200.25675
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | 5063950 | 6.3.9600.22774
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | 5063950 | 6.3.9600.22774
Windows Server 2016 | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows Server 2019 | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows Server 2022 | 5065432 (Security Update) | 5063880 | 10.0.20348.4171
Windows Server 2022 | 5065306 (SecurityHotpatchUpdate) | 5063812 | 10.0.20348.4106
Windows Server 2022 (Server Core installation) | 5065432 (Security Update) | 5063880 | 10.0.20348.4171
Windows Server 2022 (Server Core installation) | 5065306 (SecurityHotpatchUpdate) | 5063812 | 10.0.20348.4106
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | 5063899 | 10.0.25398.1849
Windows Server 2025 | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows Server 2025 | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows Server 2025 (Server Core installation) | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows Server 2025 (Server Core installation) | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
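
Turning the Fixed Build column into a host check is where the hotpatch rows bite: for Windows 11 24H2, Server 2025 and Server 2022 the SecurityHotpatchUpdate fixed build (10.0.26100.6508, 10.0.20348.4106) is lower than the Security Update fixed build (10.0.26100.6584, 10.0.20348.4171), so a plain "UBR at least N" comparison either flags hotpatched hosts as unpatched or, with the lower threshold, passes unpatched hosts on the standard channel. The script below is an added example, not a Microsoft tool. It copies a subset of the rows above for this CVE; the rule it applies to hotpatch rows (accept the lower build only when the hotpatch KB itself is installed) is this example's interpretation of the table, not something the bulletin states. The host build strings and KB lists in the demo are constructed, and installed_build_windows() reads the registry values that hold the running build on Windows 10 and later.

```python
"""Patch-level check for CVE-2025-54110 against the Fixed Build column.

Added example, not Microsoft tooling. FIXES is copied from the bulletin's
table; the hotpatch rule in assess() is this example's assumption; the hosts
in __main__ are constructed, not real inventory."""
from typing import NamedTuple


class Fix(NamedTuple):
    product: str
    kb: str           # KB number as printed in the table
    kind: str         # "Security Update", "SecurityHotpatchUpdate", ...
    fixed_build: str  # major.minor.build.UBR


# Subset of the CVE-2025-54110 Affected Software rows (from the bulletin).
FIXES = [
    Fix("Windows 11 Version 24H2 for x64-based Systems", "5065426", "Security Update", "10.0.26100.6584"),
    Fix("Windows 11 Version 24H2 for x64-based Systems", "5065474", "SecurityHotpatchUpdate", "10.0.26100.6508"),
    Fix("Windows Server 2025", "5065426", "Security Update", "10.0.26100.6584"),
    Fix("Windows Server 2025", "5065474", "SecurityHotpatchUpdate", "10.0.26100.6508"),
    Fix("Windows Server 2022", "5065432", "Security Update", "10.0.20348.4171"),
    Fix("Windows Server 2022", "5065306", "SecurityHotpatchUpdate", "10.0.20348.4106"),
    Fix("Windows 10 Version 22H2 for x64-based Systems", "5065429", "Security Update", "10.0.19045.6332"),
    Fix("Windows Server 2019", "5065428", "Security Update", "10.0.17763.7792"),
]


def parse_build(s: str) -> tuple:
    """'10.0.26100.6584' -> (10, 0, 26100, 6584); rejects anything else."""
    parts = s.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.build.UBR string: {s!r}")
    return tuple(int(p) for p in parts)


def assess(product: str, installed_build: str, installed_kbs) -> tuple:
    """Return (status, reason) with status 'fixed', 'not_fixed' or 'unknown'."""
    build = parse_build(installed_build)
    kbs = {k.upper().removeprefix("KB") for k in installed_kbs}   # "KB5065474" -> "5065474"
    rows = [f for f in FIXES if f.product == product]
    if not rows:
        return "unknown", f"no table row for {product!r}"
    # The table rows must be on the host's branch (major.minor.build); otherwise
    # the caller mapped the host to the wrong product and a UBR compare is meaningless.
    if any(parse_build(f.fixed_build)[:3] != build[:3] for f in rows):
        return "unknown", f"host branch {installed_build} does not match the rows for {product!r}"
    for f in rows:
        fixed = parse_build(f.fixed_build)
        if f.kind == "SecurityHotpatchUpdate":
            # Assumption: the hotpatch fixed build trails the LCU build, so the
            # lower number only proves anything if the hotpatch KB is present.
            if f.kb in kbs and build >= fixed:
                return "fixed", f"KB{f.kb} (hotpatch) present and {installed_build} >= {f.fixed_build}"
        elif build >= fixed:
            return "fixed", f"{installed_build} >= {f.fixed_build} (KB{f.kb})"
    need = "; ".join(f"{f.fixed_build} via KB{f.kb} ({f.kind})" for f in rows)
    return "not_fixed", f"{installed_build} is below every fixed build: {need}"


def installed_build_windows() -> str:
    """Read the running build from the registry (Windows 10 and later only)."""
    import winreg
    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        major = winreg.QueryValueEx(key, "CurrentMajorVersionNumber")[0]
        minor = winreg.QueryValueEx(key, "CurrentMinorVersionNumber")[0]
        build = winreg.QueryValueEx(key, "CurrentBuildNumber")[0]
        ubr = winreg.QueryValueEx(key, "UBR")[0]
    return f"{major}.{minor}.{build}.{ubr}"


if __name__ == "__main__":
    # Constructed hosts: the builds and KB lists are made up for the demo.
    demo = [
        ("Windows 11 Version 24H2 for x64-based Systems", "10.0.26100.6584", ["KB5065426"]),
        ("Windows 11 Version 24H2 for x64-based Systems", "10.0.26100.6508", ["KB5065474"]),
        ("Windows 11 Version 24H2 for x64-based Systems", "10.0.26100.6508", []),
        ("Windows Server 2022", "10.0.20348.4171", ["KB5065432"]),
        ("Windows Server 2022", "10.0.20348.4106", []),
        ("Windows Server 2019", "10.0.17763.7791", ["KB5063877"]),
    ]
    for product, build, kbs in demo:
        status, why = assess(product, build, kbs)
        print(f"{status:10} {product:48} {why}")
```

On a real host, pair installed_build_windows() with the KB list from your inventory tool or from Get-HotFix; whether that source reports hotpatch KBs reliably is an assumption to verify in your environment before trusting a "fixed" verdict on the hotpatch channel.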

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54110 goodbyeselene


CVE-2025-54111 - Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54111 (listed at MITRE and NVD)

Issuing CNA: Microsoft

CVE Title: Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability
CVSS:
CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this use-after-free could crash the system, even as a standard user.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54111
Common to every row below: Severity Important; Impact Elevation of Privilege; CVSS Base 7.8 / Temporal 6.8; Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C; Restart Required Yes; Known Issue None. Products served by both a Security Update and a SecurityHotpatchUpdate are listed once per update, since each has its own supersedence and fixed build; note that the hotpatch fixed build is lower than the Security Update fixed build.

Product | KB Article | Supersedence | Fixed Build
Windows 10 for 32-bit Systems | 5065430 (Security Update) | 5063889 | 10.0.10240.21128
Windows 10 for x64-based Systems | 5065430 (Security Update) | 5063889 | 10.0.10240.21128
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22621.5909
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22621.5909
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22631.5909
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22631.5909
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows 11 Version 24H2 for ARM64-based Systems | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows 11 Version 24H2 for x64-based Systems | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows Server 2016 | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows Server 2019 | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows Server 2022 | 5065432 (Security Update) | 5063880 | 10.0.20348.4171
Windows Server 2022 | 5065306 (SecurityHotpatchUpdate) | 5063812 | 10.0.20348.4106
Windows Server 2022 (Server Core installation) | 5065432 (Security Update) | 5063880 | 10.0.20348.4171
Windows Server 2022 (Server Core installation) | 5065306 (SecurityHotpatchUpdate) | 5063812 | 10.0.20348.4106
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | 5063899 | 10.0.25398.1849
Windows Server 2025 | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows Server 2025 | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows Server 2025 (Server Core installation) | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows Server 2025 (Server Core installation) | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54111 Zhiniang Peng with HUST & R4nger with CyberKunLun


CVE-2025-54894 - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54894 (listed at MITRE and NVD)

Issuing CNA: Microsoft

CVE Title: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVSS:
CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54894
Common to every row below: Severity Important; Impact Elevation of Privilege; CVSS Base 7.8 / Temporal 6.8; Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C; Restart Required Yes; Known Issue None. Products served by both a Security Update and a SecurityHotpatchUpdate are listed once per update, since each has its own supersedence and fixed build; note that the hotpatch fixed build is lower than the Security Update fixed build.

Product | KB Article | Supersedence | Fixed Build
Windows 10 for 32-bit Systems | 5065430 (Security Update) | 5063889 | 10.0.10240.21128
Windows 10 for x64-based Systems | 5065430 (Security Update) | 5063889 | 10.0.10240.21128
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19044.6332
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | 5063709 | 10.0.19045.6332
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22621.5909
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22621.5909
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22631.5909
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | 5063875 | 10.0.22631.5909
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows 11 Version 24H2 for ARM64-based Systems | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows 11 Version 24H2 for x64-based Systems | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | 5063888 | 6.0.6003.23529
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup), 5065510 (Security Only) | 5063947 | 6.1.7601.27929
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup), 5065510 (Security Only) | 5063947 | 6.1.7601.27929
Windows Server 2012 | 5065509 (Monthly Rollup) | 5063906 | 6.2.9200.25675
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | 5063906 | 6.2.9200.25675
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | 5063950 | 6.3.9600.22774
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | 5063950 | 6.3.9600.22774
Windows Server 2016 | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | 5063871 | 10.0.14393.8422
Windows Server 2019 | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | 5063877 | 10.0.17763.7792
Windows Server 2022 | 5065432 (Security Update) | 5063880 | 10.0.20348.4171
Windows Server 2022 | 5065306 (SecurityHotpatchUpdate) | 5063812 | 10.0.20348.4106
Windows Server 2022 (Server Core installation) | 5065432 (Security Update) | 5063880 | 10.0.20348.4171
Windows Server 2022 (Server Core installation) | 5065306 (SecurityHotpatchUpdate) | 5063812 | 10.0.20348.4106
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | 5063899 | 10.0.25398.1849
Windows Server 2025 | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows Server 2025 | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508
Windows Server 2025 (Server Core installation) | 5065426 (Security Update) | 5063878 | 10.0.26100.6584
Windows Server 2025 (Server Core installation) | 5065474 (SecurityHotpatchUpdate) | 5064010 | 10.0.26100.6508

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54894 Anonymous


CVE-2025-54895 - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54895 (listed at MITRE and NVD)

Issuing CNA: Microsoft

CVE Title: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability
CVSS:
CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54895
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54895 Erik Egsgard with Field Effect


CVE-2025-54896 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54896
References: MITRE, NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


How could an attacker exploit the vulnerability?

An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user needs to be tricked into running malicious files.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54896
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Excel 2016 (32-bit edition) 5002782 (Security Update) Important Remote Code Execution 5002758
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft Excel 2016 (64-bit edition) 5002782 (Security Update) Important Remote Code Execution 5002758
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2024 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2024 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC for Mac 2021 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None
Microsoft Office LTSC for Mac 2024 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None
Office Online Server 5002776 (Security Update) Important Remote Code Execution 5002752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.10417.20047
Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54896 wh1tc with Kunlun Lab & Zhiniang Peng with HUST


CVE-2025-54897 - Microsoft SharePoint Remote Code Execution Vulnerability

CVE ID: CVE-2025-54897
References: MITRE, NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.


FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.


According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?

The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54897
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SharePoint Enterprise Server 2016 5002778 (Security Update) Important Remote Code Execution 5002771
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft SharePoint Server 2019 5002775 (Security Update) Important Remote Code Execution 5002769
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.10417.20047
Maybe None
Microsoft SharePoint Server Subscription Edition 5002784 (Security Update) Important Remote Code Execution 5002773
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.19127.20100
Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54897 zcgonvh's cat Vanilla


CVE-2025-54898 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54898
References: MITRE, NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user needs to be tricked into running malicious files.


Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54898
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Excel 2016 (32-bit edition) 5002782 (Security Update) Important Remote Code Execution 5002758
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft Excel 2016 (64-bit edition) 5002782 (Security Update) Important Remote Code Execution 5002758
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2024 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2024 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC for Mac 2021 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None
Microsoft Office LTSC for Mac 2024 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None
Office Online Server 5002776 (Security Update) Important Remote Code Execution 5002752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.10417.20047
Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54898 wh1tc in Kunlun lab & devoke & Zhiniang Peng with HUST




CVE-2025-54899 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54899
References: MITRE, NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54899
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Excel 2016 (32-bit edition) 5002782 (Security Update) Important Remote Code Execution 5002758
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft Excel 2016 (64-bit edition) 5002782 (Security Update) Important Remote Code Execution 5002758
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5517.1000
Maybe None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2024 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC 2024 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases
No None
Microsoft Office LTSC for Mac 2021 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None
Microsoft Office LTSC for Mac 2024 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54899 HAO LI with Venustech


CVE-2025-54902 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54902
References: MITRE, NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54902
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Columns: Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
CVSS Score Set (same for every row): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Excel 2016 (32-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Excel 2016 (64-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Office Online Server | 5002776 (Security Update) | Important | Remote Code Execution | 5002752 | 16.0.10417.20047 | Maybe | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54902 Quan Jin with DBAPPSecurity


CVE-2025-54903 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54903 (external references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS 3.1: Highest Base Score 7.8 / Temporal Score 6.8

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. They will be released as soon as possible, and customers will be notified via a revision to this CVE information when they are available.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally: code must run on the victim's machine, in this case when the victim opens the attacker's crafted file, for the vulnerability to be exploited.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important. Vulnerability Impact: Remote Code Execution.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely. Publicly Disclosed: No. Exploited: No.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54903
CVSS Score Set (same for every row): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Excel 2016 (32-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Excel 2016 (64-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Office Online Server | 5002776 (Security Update) | Important | Remote Code Execution | 5002752 | 16.0.10417.20047 | Maybe | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54903 Quan Jin with DBAPPSecurity


CVE-2025-54904 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54904 (external references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS 3.1: Highest Base Score 7.8 / Temporal Score 6.8

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. They will be released as soon as possible, and customers will be notified via a revision to this CVE information when they are available.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally: code must run on the victim's machine, in this case when the victim opens the attacker's crafted file, for the vulnerability to be exploited.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important. Vulnerability Impact: Remote Code Execution.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely. Publicly Disclosed: No. Exploited: No.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54904
CVSS Score Set (same for every row): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Excel 2016 (32-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Excel 2016 (64-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Office Online Server | 5002776 (Security Update) | Important | Remote Code Execution | 5002752 | 16.0.10417.20047 | Maybe | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54904 Quan Jin with DBAPPSecurity


CVE-2025-54905 - Microsoft Word Information Disclosure Vulnerability

CVE ID: CVE-2025-54905 (external references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Word Information Disclosure Vulnerability
CVSS 3.1: Highest Base Score 7.1 / Temporal Score 6.2

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

Yes, the Preview Pane is an attack vector.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.


Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. They will be released as soon as possible, and customers will be notified via a revision to this CVE information when they are available.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important. Vulnerability Impact: Information Disclosure.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely. Publicly Disclosed: No. Exploited: No.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54905
CVSS Score Set (same for every row): Base 7.1, Temporal 6.2, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | - | Important | Information Disclosure | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | - | Important | Information Disclosure | None | Unknown | Unknown | None
Microsoft SharePoint Enterprise Server 2016 | 5002778 (Security Update), 5002777 (Security Update) | Important | Information Disclosure | 5002771, 5002772 | 16.0.5517.1000 | Maybe | None
Microsoft SharePoint Server 2019 | 5002775 (Security Update), 5002774 (Security Update) | Important | Information Disclosure | 5002769, 5002770 | 16.0.10417.20047 | Maybe | None
Microsoft Word 2016 (32-bit edition) | 5002780 (Security Update) | Important | Information Disclosure | 5002763 | 16.0.5517.1000 | Maybe | None
Microsoft Word 2016 (64-bit edition) | 5002780 (Security Update) | Important | Information Disclosure | 5002763 | 16.0.5517.1000 | Maybe | None
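The Fixed Build column is the only machine-checkable floor these Affected Software tables give: 16.0.5517.1000 for the MSI-installed 2016 products (Excel, Word, PowerPoint, Office 2016) and SharePoint Enterprise Server 2016, 16.0.10417.20047 for SharePoint Server 2019 and Office Online Server. The Click-to-Run rows (Microsoft 365 Apps, Office 2019, LTSC 2021 and 2024) point to https://aka.ms/OfficeSecurityReleases instead, because their fixed build depends on the update channel. The following Python is an added example, not Microsoft tooling: it compares a four-part installed build against those floors numerically (a plain string comparison would rank "16.0.5517.1000" below "16.0.999.0") and refuses to classify products the tables do not give a build for, so Click-to-Run hosts surface as unknown rather than as patched. The host names and installed builds in the sample inventory are constructed for the example and are not real systems.

```python
"""Fixed-build compliance check for the MSI and server rows of this advisory.

Added example (not Microsoft code). FIXED_BUILDS is copied from the
Affected Software tables; the sample inventory is constructed data.
"""

# Fixed builds as listed in the advisory's Affected Software tables.
FIXED_BUILDS = {
    "Microsoft Excel 2016": "16.0.5517.1000",
    "Microsoft Word 2016": "16.0.5517.1000",
    "Microsoft PowerPoint 2016": "16.0.5517.1000",
    "Microsoft Office 2016": "16.0.5517.1000",
    "Microsoft SharePoint Enterprise Server 2016": "16.0.5517.1000",
    "Microsoft SharePoint Server 2019": "16.0.10417.20047",
    "Office Online Server": "16.0.10417.20047",
}


def parse_build(build: str) -> tuple:
    """'16.0.5517.1000' -> (16, 0, 5517, 1000).

    Tuples of ints compare field by field, which is what a version
    comparison needs; comparing the raw strings would be wrong.
    """
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Office build: {build!r}")
    return tuple(int(p) for p in parts)


def is_patched(product: str, installed: str) -> bool:
    """True if the installed build is at or above the advisory's fixed build.

    Raises KeyError for products the advisory gives no fixed build for
    (all Click-to-Run editions), so they are never silently passed.
    """
    return parse_build(installed) >= parse_build(FIXED_BUILDS[product])


def assess(inventory) -> dict:
    """Sort (host, product, build) records into patched / vulnerable / unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, product, build in inventory:
        if product not in FIXED_BUILDS:
            result["unknown"].append((host, product, build))   # e.g. Click-to-Run
        elif is_patched(product, build):
            result["patched"].append((host, product, build))
        else:
            result["vulnerable"].append((host, product, build))
    return result


# Constructed sample inventory: hypothetical hosts and installed builds.
SAMPLE_INVENTORY = [
    ("ws-01", "Microsoft Excel 2016", "16.0.5517.1000"),              # exactly the fixed build
    ("ws-02", "Microsoft Word 2016", "16.0.5508.1000"),               # hypothetical older build
    ("sp-01", "Microsoft SharePoint Server 2019", "16.0.10417.20047"),
    ("sp-02", "Microsoft SharePoint Server 2019", "16.0.10416.20027"),  # hypothetical older build
    ("ws-03", "Microsoft 365 Apps for Enterprise", "16.0.19000.10000"),  # Click-to-Run: no table build
]

if __name__ == "__main__":
    for state, rows in assess(SAMPLE_INVENTORY).items():
        for host, product, build in rows:
            print(f"{state:10} {host:6} {product} {build}")
```

Restart Required is "Maybe" for every row that has a fixed build, so a host reporting the fixed build should still be treated as unconfirmed until the pending-reboot state is checked as well.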

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54905 Quan Jin with DBAPPSecurity


CVE-2025-54906 - Microsoft Office Remote Code Execution Vulnerability

CVE ID: CVE-2025-54906 (external references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS 3.1: Highest Base Score 7.8 / Temporal Score 6.8

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally: code must run on the victim's machine, in this case when the victim opens the attacker's crafted file, for the vulnerability to be exploited.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.


Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. They will be released as soon as possible, and customers will be notified via a revision to this CVE information when they are available.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important. Vulnerability Impact: Remote Code Execution.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely. Publicly Disclosed: No. Exploited: No.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54906
CVSS Score Set (same for every row): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2016 (32-bit edition) | 5002781 (Security Update), 5002576 (Security Update), 5002766 (Security Update) | Important | Remote Code Execution | 5002756, 5002469, 5002635 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2016 (64-bit edition) | 5002781 (Security Update), 5002576 (Security Update), 5002766 (Security Update) | Important | Remote Code Execution | 5002756, 5002469, 5002635 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | - | Important | Remote Code Execution | None | Unknown | Unknown | None
Microsoft SharePoint Enterprise Server 2016 | 5002778 (Security Update) | Important | Remote Code Execution | 5002771 | 16.0.5517.1000 | Maybe | None
Microsoft SharePoint Server 2019 | 5002775 (Security Update) | Important | Remote Code Execution | 5002769 | 16.0.10417.20047 | Maybe | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54906 wh1tc in Kunlun lab & devoke & Zhiniang Peng with HUST


CVE-2025-54907 - Microsoft Office Visio Remote Code Execution Vulnerability

CVE ID: CVE-2025-54907 (external references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS 3.1: Highest Base Score 7.8 / Temporal Score 6.8

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important. Vulnerability Impact: Remote Code Execution.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely. Publicly Disclosed: No. Exploited: No.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54907
CVSS Score Set (same for every row): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54907 Li Shuang, willJ and Guang Gong with Vulnerability Research Institute


CVE-2025-54908 - Microsoft PowerPoint Remote Code Execution Vulnerability

CVE ID: CVE-2025-54908 (external references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft PowerPoint Remote Code Execution Vulnerability
CVSS 3.1: Highest Base Score 7.8 / Temporal Score 6.8

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally: code must run on the victim's machine, in this case when the victim opens the attacker's crafted file, for the vulnerability to be exploited.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important. Vulnerability Impact: Remote Code Execution.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely. Publicly Disclosed: No. Exploited: No.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54908
CVSS Score Set (same for every row): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | - | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft PowerPoint 2016 (32-bit edition) | 5002779 (Security Update) | Important | Remote Code Execution | 5002765 | 16.0.5517.1000 | Maybe | None
Microsoft PowerPoint 2016 (64-bit edition) | 5002779 (Security Update) | Important | Remote Code Execution | 5002765 | 16.0.5517.1000 | Maybe | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54908 anonymous


CVE-2025-54913 - Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54913 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application that exploits the vulnerability and takes control of the affected system.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important / Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54913
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54913 Zhiniang Peng with HUST & R4nger with CyberKunLun


CVE-2025-54916 - Windows NTFS Remote Code Execution Vulnerability

CVE ID: CVE-2025-54916 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows NTFS Remote Code Execution Vulnerability
CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.


FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word "Remote" in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally, meaning the attacker or the victim must execute code on the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important / Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54916
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Remote Code Execution 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Remote Code Execution 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Remote Code Execution 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Remote Code Execution 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Remote Code Execution 5063888
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Remote Code Execution 5063888
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Remote Code Execution 5063888
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Remote Code Execution 5063888
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Remote Code Execution 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Remote Code Execution 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Remote Code Execution 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Remote Code Execution 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Remote Code Execution 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Remote Code Execution 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Remote Code Execution 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Remote Code Execution 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Remote Code Execution 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54916 Sergey Tarasov with Positive Technologies


CVE-2025-54918 - Windows NTLM Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54918 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows NTLM Elevation of Privilege Vulnerability
CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?

The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Critical / Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54918
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Critical Elevation of Privilege 5063889
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Critical Elevation of Privilege 5063889
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063878

5064010
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063878

5064010
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Critical Elevation of Privilege 5063888
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Critical Elevation of Privilege 5063888
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Critical Elevation of Privilege 5063888
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Critical Elevation of Privilege 5063888
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Critical Elevation of Privilege 5063947
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Critical Elevation of Privilege 5063947
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Critical Elevation of Privilege 5063906
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Critical Elevation of Privilege 5063906
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Critical Elevation of Privilege 5063950
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Critical Elevation of Privilege 5063950
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063880

5063812
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063880

5063812
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Critical Elevation of Privilege 5063899
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063878

5064010
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063878

5064010
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54918 Bryan De Houwer with Crimson7


CVE-2025-54919 - Windows Graphics Component Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54919
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


Mitigations: None
Workarounds: None
Revision:
1.0    09-Sep-25    Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54919
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Remote Code Execution 5063709
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Remote Code Execution 5063875
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2019 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Remote Code Execution 5063877
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063880

5063812
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063880

5063812
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Remote Code Execution 5063899
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Remote Code Execution 5063878

5064010
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54919 cyanbamboo


CVE-2025-55223 - DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55223
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations: None
Workarounds: None
Revision:
1.0    09-Sep-25    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55223
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55223 b2ahex
CVE-2025-55223 cyanbamboo


CVE-2025-55225 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55225
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


Mitigations: None
Workarounds: None
Revision:
1.0    09-Sep-25    Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55225
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Information Disclosure 5063888
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Information Disclosure 5063888
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Information Disclosure 5063888
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Information Disclosure 5063888
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Information Disclosure 5063947
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Information Disclosure 5063947
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Information Disclosure 5063906
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Information Disclosure 5063906
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Information Disclosure 5063950
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Information Disclosure 5063950
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Information Disclosure 5063871
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Information Disclosure 5063871
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Information Disclosure 5063877
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Information Disclosure 5063877
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Information Disclosure 5063880

5063812
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Information Disclosure 5063880

5063812
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Information Disclosure 5063899
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Information Disclosure 5063878

5064010
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Information Disclosure 5063878

5064010
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55225 Anonymous


CVE-2025-55226 - Graphics Kernel Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55226
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Graphics Kernel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.7 / Temporal Score: 5.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.


FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations: None
Workarounds: None
Revision:
1.0    09-Sep-25    Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55226
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Critical Remote Code Execution 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Critical Remote Code Execution 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Critical Remote Code Execution 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Critical Remote Code Execution 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Critical Remote Code Execution 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Critical Remote Code Execution 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Critical Remote Code Execution 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Critical Remote Code Execution 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Critical Remote Code Execution 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Critical Remote Code Execution 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Critical Remote Code Execution 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Critical Remote Code Execution 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Critical Remote Code Execution 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Critical Remote Code Execution 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Remote Code Execution | 5063888 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Remote Code Execution | 5063888 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Remote Code Execution | 5063888 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Remote Code Execution | 5063888 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Critical | Remote Code Execution | 5063947 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Critical | Remote Code Execution | 5063947 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Critical | Remote Code Execution | 5063906 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Critical | Remote Code Execution | 5063906 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Critical | Remote Code Execution | 5063950 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Critical | Remote Code Execution | 5063950 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Critical | Remote Code Execution | 5063871 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Critical | Remote Code Execution | 5063871 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880; 5063812 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880; 5063812 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Critical | Remote Code Execution | 5063899 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 6.7; Temporal: 5.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55226 | b2ahex


CVE-2025-55228 - Windows Graphics Component Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55228
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Critical; Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55228
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880; 5063812 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880; 5063812 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Critical | Remote Code Execution | 5063899 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55228 | b2ahex; cyanbamboo


CVE-2025-55232 - Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55232
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 8.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.


FAQ:

What do customers need to do to mitigate this vulnerability?

If you are currently using HPC Pack 2019 Update 2, you need to upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) and then apply the QFE patch (Build 6.3.8352).

If you are currently using HPC Pack 2016, you must migrate to 2019 to receive a fix, as there is no in-place update from 2016 to 2019.


How could an attacker exploit the vulnerability?

An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.


Mitigations:

Customers should make sure that HPC Pack clusters run in a trusted network secured by firewall rules, especially for TCP port 5999.


Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important; Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55232
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft HPC Pack 2019 | Release Notes (Security Update) | Important | Remote Code Execution | | Base: 9.8; Temporal: 8.5; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.8352 Quick Fix QFE | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55232 | None

CVE-2025-55236 - Graphics Kernel Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55236
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Graphics Kernel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.3 / Temporal Score: 6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website, which leads to a local attack on their computer.


According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Critical; Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55236
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880; 5063812 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880; 5063812 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Critical | Remote Code Execution | 5063899 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878; 5064010 | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55236 | None

CVE-2025-55245 - Xbox Gaming Services Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55245
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Xbox Gaming Services Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker would be able to delete targeted files on a system.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important; Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55245
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Xbox Gaming Services | Release Notes (Microsoft App Store) | Important | Elevation of Privilege | | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 30.104.13001.0 | No | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55245 | Bighound


CVE-2025-55243 - Microsoft OfficePlus Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55243
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft OfficePlus Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important; Vulnerability Impact: Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55243
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft OfficePLUS | Release Notes (Security Update) | Important | Spoofing | | Base: 7.5; Temporal: 6.5; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 3.10.0.26585 | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55243 | Zhiniang Peng with HUST


CVE-2025-55316 - Azure Arc Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55316
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Arc Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker can deploy VM Extensions on compromised servers.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important; Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55316
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Azure Connected Machine Agent | Release Notes (Security Update) | Important | Elevation of Privilege | | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 1.56 | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55316 | Sharan Patil with REVERSEC


CVE-2025-55317 - Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55317
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.


How could an attacker exploit this vulnerability?

A user could download an installer and, before the user runs it, an attacker could replace it with a malicious installer. When the victim runs the malicious installer, the attacker could elevate their privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important; Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55317
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft AutoUpdate for Mac | MAU (Security Update) | Important | Elevation of Privilege | | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 4.80 | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55317 | None

CVE-2025-49692 - Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-49692
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.


FAQ:

What actions do customers need to take to protect themselves from this vulnerability?

Customers should update their Azure Connected Machine Agent to the latest version. For more information, see What's new with Azure Connected Machine agent.


What privileges could an attacker gain with successful exploitation?

An attacker who successfully exploited the vulnerability could elevate their privileges to those of the 'NT AUTHORITY\SYSTEM' user and perform arbitrary code execution.


According to the CVSS metric, the attack vector is local (AV:L) and privileges required is low (PR:L). What does this mean in the context of this elevation of privilege vulnerability?

An attacker needs to be authorized as a standard user on the local host to carry out this attack. They could then elevate their privileges to perform unauthorized operations.


Mitigations:
None
Workarounds:
None
Revision:
1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important; Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-49692
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Azure Connected Machine Agent | Release Notes (Security Update) | Important | Elevation of Privilege | | Base: 7.8; Temporal: 6.8; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 1.49 | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-49692 | Sharan Patil with WithSecure Consulting


CVE-2025-47997 - Microsoft SQL Server Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-47997
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.

Update Number | Title | Version | Apply if current product version is… | This security update also includes servicing releases up through…
5065220 | Security update for SQL Server 2022 CU20+GDR | 16.0.4212.1 | 16.0.4003.1 - 16.0.4210.1 | KB 5063814 - SQL2022 RTM CU20
5065221 | Security update for SQL Server 2022 RTM+GDR | 16.0.1150.1 | 16.0.1000.6 - 16.0.1145.1 | KB 5063756 - Previous SQL2022 RTM GDR
5065222 | Security update for SQL Server 2019 CU32+GDR | 15.0.4445.1 | 15.0.4003.23 - 15.0.4440.1 | KB 5063757 - Previous SQL2019 RTM CU32 GDR
5065223 | Security update for SQL Server 2019 RTM+GDR | 15.0.2145.1 | 15.0.2000.5 - 15.0.2140.1 | KB 5063758 - Previous SQL2019 RTM GDR
5065225 | Security update for SQL Server 2017 CU31+GDR | 14.0.3505.1 | 14.0.3006.16 - 14.0.3500.1 | KB 5063759 - Previous SQL2017 RTM CU31 GDR
5065224 | Security update for SQL Server 2017 RTM+GDR | 14.0.2085.1 | 14.0.1000.169 - 14.0.2080.1 | KB 5063760 - Previous SQL2017 RTM GDR
5065227 | Security update for SQL 2016 Azure Connect Feature Pack | 13.0.7065.1 | 13.0.7000.253 - 13.0.7060.1 | KB 5063761 - Previous SQL2016 Azure Connect Feature Pack GDR
5065226 | Security update for SQL Server 2016 SP3 RTM+GDR | 13.0.6470.1 | 13.0.6300.2 - 13.0.6465.1 | KB 5063762 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If your SQL Server installation is at a baseline version, you can choose either the GDR or the CU update.
  • If your SQL Server installation has intentionally installed only past GDR updates, choose the GDR update package.
  • If your SQL Server installation has intentionally installed previous CU updates, choose the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-47997
CVSS Score Set for every row: Base 6.5, Temporal 5.7, Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5065226 (Security Update) | Important | Information Disclosure | - | 13.0.6470.1 | Maybe | None
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5065227 (Security Update) | Important | Information Disclosure | - | 13.0.7065.1 | Maybe | None
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5065225 (Security Update) | Important | Information Disclosure | - | 14.0.3505.1 | Maybe | None
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5065224 (Security Update) | Important | Information Disclosure | - | 14.0.2085.1 | Maybe | None
Microsoft SQL Server 2019 for x64-based Systems (CU 32) | 5065222 (Security Update) | Important | Information Disclosure | - | 15.0.4445.1 | Maybe | None
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5065223 (Security Update) | Important | Information Disclosure | - | 15.0.2145.1 | Maybe | None
Microsoft SQL Server 2022 for x64-based Systems (CU 20) | 5065220 (Security Update) | Important | Information Disclosure | - | 16.0.4212.1 | Maybe | None
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5065221 (Security Update) | Important | Information Disclosure | - | 16.0.1150.1 | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-47997 | None

CVE-2025-53796 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-53796 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to set up a malicious server in advance and then wait for a user to initiate a connection to it.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53796
CVSS Score Set for every row: Base 6.5, Temporal 5.7, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Where a row lists two KB articles, the Supersedence and Fixed Build values are given in the same order.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53796 | Anonymous


CVE-2025-53799 - Windows Imaging Component Information Disclosure Vulnerability

CVE ID: CVE-2025-53799 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Imaging Component Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.


FAQ:

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Critical
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53799
CVSS Score Set for every row: Base 5.5, Temporal 4.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Where a row lists two KB articles, the Supersedence and Fixed Build values are given in the same order.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft Office for Android | Release Notes (Security Update) | Critical | Information Disclosure | - | 16.0.19220.20000 | Maybe | None
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Critical | Information Disclosure | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Critical | Information Disclosure | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Critical | Information Disclosure | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Critical | Information Disclosure | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Critical | Information Disclosure | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Critical | Information Disclosure | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Critical | Information Disclosure | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Critical | Information Disclosure | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Critical | Information Disclosure | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Critical | Information Disclosure | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Critical | Information Disclosure | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Critical | Information Disclosure | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Information Disclosure | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Critical | Information Disclosure | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Information Disclosure | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Critical | Information Disclosure | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Information Disclosure | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Information Disclosure | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Critical | Information Disclosure | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Critical | Information Disclosure | 5063947 | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Critical | Information Disclosure | 5063947 | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Critical | Information Disclosure | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Critical | Information Disclosure | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Critical | Information Disclosure | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Critical | Information Disclosure | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Critical | Information Disclosure | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Critical | Information Disclosure | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Critical | Information Disclosure | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Critical | Information Disclosure | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Information Disclosure | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Critical | Information Disclosure | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Critical | Information Disclosure | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Information Disclosure | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Critical | Information Disclosure | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53799 | None

CVE-2025-53800 - Windows Graphics Component Elevation of Privilege Vulnerability

CVE ID: CVE-2025-53800 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

A weakness in Microsoft Graphics Component (no CWE has been assigned to this issue) allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Critical
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53800
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Critical Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Critical Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2016 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Critical Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Critical Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Critical Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Critical Elevation of Privilege 5063880; 5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Critical Elevation of Privilege 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Critical Elevation of Privilege 5063878; 5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Critical Elevation of Privilege 5063878; 5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-53800 Anonymous


CVE-2025-53801 - Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE ID: CVE-2025-53801 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53801
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-53801 namnp with Viettel Cyber Security


CVE-2025-53802 - Windows Bluetooth Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-53802 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Bluetooth Service Elevation of Privilege Vulnerability
CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53802
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-53802 Hwiwon Lee (hwiwonl), SEC-agent team
Jongseong Kim (nevul37), SEC-agent team with ENKI WhiteHat


CVE-2025-53803 - Windows Kernel Memory Information Disclosure Vulnerability

CVE ID: CVE-2025-53803 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.


FAQ:

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow the disclosure of certain memory addresses within kernel space. Knowing the exact location of kernel memory could potentially be leveraged by an attacker for other malicious activities.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53803
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Information Disclosure 5063889
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Information Disclosure 5063889
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Information Disclosure 5063878; 5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Information Disclosure 5063878; 5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Information Disclosure 5063906
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Information Disclosure 5063906
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Information Disclosure 5063950
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Information Disclosure 5063950
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Information Disclosure 5063880; 5063812
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Information Disclosure 5063880; 5063812
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Information Disclosure 5063899
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Information Disclosure 5063878; 5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Information Disclosure 5063878; 5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-53803 Aobo Wang
Lewis Lee, Chunyang Han and Zhiniang Peng with HUST
Lewis Lee, Chunyang Han and Zhiniang Peng with HUST
Anonymous
Aobo Wang


CVE-2025-53804 - Windows Kernel-Mode Driver Information Disclosure Vulnerability

CVE ID: CVE-2025-53804 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.


FAQ:

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow the disclosure of certain memory addresses within kernel space. Knowing the exact location of kernel memory could potentially be leveraged by an attacker for other malicious activities.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53804
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Information Disclosure 5063889
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Information Disclosure 5063889
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Information Disclosure 5063709
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Information Disclosure 5063875
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Information Disclosure 5063878; 5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Information Disclosure 5063878; 5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Information Disclosure 5063906
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Information Disclosure 5063906
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Information Disclosure 5063950
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Information Disclosure 5063950
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Information Disclosure 5063871
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Information Disclosure 5063877
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Information Disclosure 5063880; 5063812
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Information Disclosure 5063880; 5063812
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Information Disclosure 5063899
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Information Disclosure 5063878

5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Information Disclosure 5063878

5064010
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53804 | Lewis Lee


CVE-2025-53805 - HTTP.sys Denial of Service Vulnerability

CVE ID: CVE-2025-53805 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: HTTP.sys Denial of Service Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.5

Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.

FAQ:
None

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53805
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063880; 5063812 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063880; 5063812 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Denial of Service | 5063899 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 7.5, Temporal: 6.5, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53805 | Rutuja Shirali with Microsoft; Yesayi Hovnanyan with Microsoft; Matthew Cox with Microsoft


CVE-2025-53806 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE ID: CVE-2025-53806 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7

Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53806
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Information Disclosure | 5063888 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Information Disclosure | 5063947 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Information Disclosure | 5063906 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Information Disclosure | 5063950 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Information Disclosure | 5063871 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Information Disclosure | 5063877 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063880; 5063812 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Information Disclosure | 5063899 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Information Disclosure | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53806 | Anonymous


CVE-2025-53807 - Windows Graphics Component Elevation of Privilege Vulnerability

CVE ID: CVE-2025-53807 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1

Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53807
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53807 | cyanbamboo


CVE-2025-53808 - Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-53808 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Windows Defender Firewall Service Elevation of Privilege Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

CVSS:3.1 Highest Base Score: 6.7 / Temporal Score: 5.8

Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.

According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?

To successfully exploit the vulnerability, an attacker must be part of a specific user group.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53808
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-53808 | k0shl with Kunlun Lab


CVE-2025-53809 - Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

CVE ID: CVE-2025-53809 (MITRE, NVD)
Issuing CNA: Microsoft
CVE Title: Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7

Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.

FAQ:
None

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53809
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878; 5064010 | Base: 6.5, Temporal: 5.7, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-53809: Tamas Jos (@skelsec)


CVE-2025-53810 - Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-53810 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Issuing CNA: Microsoft

CVE Title: Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVSS:3.1 Highest Base Score: 6.7 / Temporal Score: 5.8

Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.

According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?

To successfully exploit the vulnerability, an attacker must be part of a specific user group.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53810

CVSS Score Set (identical for every row below): Base: 6.7 | Temporal: 5.8 | Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Where a row lists two KB articles, the Supercedence and Fixed Build columns list the corresponding values in the same order.

Product | KB Article | Severity | Impact | Supercedence | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-53810: k0shl with Kunlun Lab


CVE-2025-54091 - Windows Hyper-V Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54091 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Issuing CNA: Microsoft

CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8

Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54091

CVSS Score Set (identical for every row below): Base: 7.8 | Temporal: 6.8 | Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Where a row lists two KB articles, the Supercedence and Fixed Build columns list the corresponding values in the same order.

Product | KB Article | Severity | Impact | Supercedence | Fixed Build | Restart Required | Known Issue
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-54091: ChengBin Wang with ZheJiang Guoli Security Technology


CVE-2025-54092 - Windows Hyper-V Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54092 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Issuing CNA: Microsoft

CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8

Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54092

CVSS Score Set (identical for every row below): Base: 7.8 | Temporal: 6.8 | Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Where a row lists two KB articles, the Supercedence and Fixed Build columns list the corresponding values in the same order.

Product | KB Article | Severity | Impact | Supercedence | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-54092: Chen Le Qi (@cplearns2h4ck) with STAR Labs SG Pte. Ltd.


CVE-2025-54093 - Windows TCP/IP Driver Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54093 (MITRE, NVD)
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Issuing CNA: Microsoft

CVE Title: Windows TCP/IP Driver Elevation of Privilege Vulnerability

CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1

Base score metrics:
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Mitigations:
None

Workarounds:
None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54093
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup); 5065510 (Security Only) Important Elevation of Privilege 5063947
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup); 5065510 (Security Only) Important Elevation of Privilege 5063947
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None

Acknowledgements

CVE-2025-54093: Angelboy (@scwuaptx) with DEVCORE


CVE-2025-54094 - Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54094 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 highest base score 6.7 / temporal score 5.8
Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.


According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?

To successfully exploit the vulnerability, an attacker must be part of a specific user group.


Mitigations:
None
Workarounds:
None
Revision:
1.0  09-Sep-25  Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

Microsoft's exploitability assessment for this vulnerability, and whether it had been publicly disclosed or exploited when the advisory was published:

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following table lists the affected software for CVE-2025-54094. Each entry gives, in order: Product; KB Article (one or more updates); Severity; Impact; Supersedence (the KB each listed update replaces, in the same order as the KB articles); CVSS Score Set (Base, Temporal and Vector lines); Fixed Build (in the same order as the KB articles where more than one is listed); Restart Required; Known Issue.
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup); 5065510 (Security Only) Important Elevation of Privilege 5063947
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup); 5065510 (Security Only) Important Elevation of Privilege 5063947
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
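
The Fixed Build column is what an administrator actually compares a fleet against, and in this table it is the easiest thing to misread: releases with a hotpatch track carry a second KB, a second superseded KB and a second fixed build, which in the page's layout sit on continuation lines separated by blanks. What follows is an added example, not Microsoft tooling or code from this advisory: a parser for the table layout used on this page (it also accepts rows whose multi-valued fields are joined by "; " on one line) and a check that classifies a host's reported build against the row for its product. Three assumptions are made and labelled in the code: fixed builds are listed in the same order as the KB articles; a single listed build applies to every KB in its row; and a host on the hotpatch track that only reaches the hotpatch build should confirm that KB from its installed updates rather than trust the build number alone. The two sample rows are transcribed from the CVE-2025-54094 table above.

```python
"""Parse the flattened 'Affected Software' rows of this advisory and judge whether a
host's reported OS build carries the fix. Added example; not Microsoft tooling."""
import re
from dataclasses import dataclass, field

SEV = r"Critical|Important|Moderate|Low"
KB = r"\d{7} \([^)]+\)"        # "5065426 (Security Update)"
BUILD = r"\d+(?:\.\d+){3}"     # "10.0.26100.6584"
PRODUCT_RE = re.compile(
    rf"^(?P<product>.+?) (?P<kbs>{KB}(?:; {KB})*)"
    rf"(?: (?P<sev>{SEV}) (?P<impact>.+?) (?P<sup>\d{{7}}(?:; \d{{7}})*))?$")
KB_RE = re.compile(rf"^{KB}$")                    # a second KB on its own line
SEV_RE = re.compile(rf"^(?P<sev>{SEV}) (?P<impact>.+?) (?P<sup>\d{{7}})$")
SUP_RE = re.compile(r"^\d{7}$")                   # a second superseded KB on its own line
SCORE_RE = re.compile(r"^(Base|Temporal): (\d+(?:\.\d+)?)$")
VECTOR_RE = re.compile(r"^Vector: (CVSS:3\.[01]/\S+)$")
BUILD_RE = re.compile(rf"^{BUILD}(?:; {BUILD})*$")
END_RE = re.compile(r"^(?P<restart>Yes|No|Maybe) (?P<issue>.+)$")   # Restart Required, Known Issue


@dataclass
class Row:
    product: str
    kbs: list = field(default_factory=list)           # [(kb, kind), ...]
    supersedes: list = field(default_factory=list)
    fixed_builds: list = field(default_factory=list)  # assumption: same order as kbs
    severity: str = ""
    impact: str = ""
    vector: str = ""
    base: float = 0.0
    temporal: float = 0.0
    restart: str = ""
    known_issue: str = ""


def _kbs(s):
    return [tuple(re.match(r"(\d{7}) \((.+)\)$", p).groups()) for p in s.split("; ")]


def parse_rows(text):
    """Accepts rows as laid out on this page (second KB, superseded KB and fixed build on
    continuation lines separated by blanks) and rows with those values joined by '; '."""
    rows, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if cur is not None and KB_RE.match(line):
            cur.kbs.extend(_kbs(line))
        elif (m := PRODUCT_RE.match(line)):
            cur = Row(product=m["product"], kbs=_kbs(m["kbs"]))
            if m["sev"]:
                cur.severity, cur.impact = m["sev"], m["impact"]
                cur.supersedes = m["sup"].split("; ")
            rows.append(cur)
        elif cur is None:
            continue                                  # header text before the first row
        elif (m := SEV_RE.match(line)):
            cur.severity, cur.impact = m["sev"], m["impact"]
            cur.supersedes.append(m["sup"])
        elif SUP_RE.match(line):
            cur.supersedes.append(line)
        elif (m := SCORE_RE.match(line)):
            setattr(cur, m[1].lower(), float(m[2]))
        elif (m := VECTOR_RE.match(line)):
            cur.vector = m[1]
        elif BUILD_RE.match(line):
            cur.fixed_builds.extend(line.split("; "))
        elif (m := END_RE.match(line)):
            cur.restart, cur.known_issue = m["restart"], m["issue"]
        else:
            raise ValueError(f"unrecognised table line: {line!r}")
    return rows


def build_tuple(s):
    parts = tuple(int(p) for p in s.split("."))
    if len(parts) != 4:
        raise ValueError(f"expected major.minor.build.UBR, got {s!r}")
    return parts


def fix_status(row, host_build, hotpatch_enrolled=False):
    """'fixed': host is at or past the fixed build of a regular update on its branch.
    'verify-hotpatch-kb': only the hotpatch build is reached (assumption: a hotpatch-track
    host must then confirm the hotpatch KB from its installed updates, since a build number
    alone does not prove the hotpatch is present). 'unpatched': below every fixed build.
    'other-branch': no fixed build in the row shares the host's major.minor.build."""
    host = build_tuple(host_build)
    builds = row.fixed_builds
    if len(builds) == 1:            # assumption: one listed build covers every KB in the row
        builds = builds * len(row.kbs)
    same_branch, hotpatch_reached = False, False
    for (_kb, kind), fixed in zip(row.kbs, builds):
        fx = build_tuple(fixed)
        if host[:3] != fx[:3]:
            continue
        same_branch = True
        if host[3] < fx[3]:
            continue
        if kind == "SecurityHotpatchUpdate":
            hotpatch_reached = hotpatch_enrolled
        else:
            return "fixed"
    if hotpatch_reached:
        return "verify-hotpatch-kb"
    return "unpatched" if same_branch else "other-branch"


# Two rows transcribed from the CVE-2025-54094 table above. The Server 2025 row keeps the
# page's multi-line layout; the Server 2008 row is written on one line with '; '.
SAMPLE = """
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup); 5065511 (Security Only) Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
"""
ROWS = parse_rows(SAMPLE)

if __name__ == "__main__":
    for row in ROWS:
        print(row.product, row.kbs, row.fixed_builds,
              fix_status(row, "10.0.26100.6508", hotpatch_enrolled=True))
```

On a Windows host the last two components of the build to pass in are the CurrentBuildNumber and UBR values under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion, and the installed-updates list (Get-HotFix, for instance) is where the hotpatch KB itself is confirmed. The point of the three-way result is the 24H2/Server 2025 case: a host reporting 10.0.26100.6508 is at the hotpatch row's build but below the Security Update's 10.0.26100.6584, so without knowing whether it is on the hotpatch track, and whether KB5065474 is actually installed, the build number alone cannot say it is fixed.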

Acknowledgements

CVE-2025-54094: k0shl with Kunlun Lab


CVE-2025-54098 - Windows Hyper-V Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54098 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 highest base score 7.8 / temporal score 6.8
Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0  09-Sep-25  Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

Microsoft's exploitability assessment for this vulnerability, and whether it had been publicly disclosed or exploited when the advisory was published:

Exploitability Assessment: Exploitation More Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following table lists the affected software for CVE-2025-54098. Each entry gives, in order: Product; KB Article (one or more updates); Severity; Impact; Supersedence (the KB each listed update replaces, in the same order as the KB articles); CVSS Score Set (Base, Temporal and Vector lines); Fixed Build (in the same order as the KB articles where more than one is listed); Restart Required; Known Issue.
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup); 5065510 (Security Only) Important Elevation of Privilege 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup); 5065510 (Security Only) Important Elevation of Privilege 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063880; 5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171; 10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None

Acknowledgements

CVE-2025-54098: Chen Le Qi (@cplearns2h4ck) with STAR Labs SG Pte. Ltd.
CVE-2025-54098: Angelboy (@scwuaptx) with DEVCORE


CVE-2025-54103 - Windows Management Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54103 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Management Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 highest base score 7.4 / temporal score 6.4
Base score metrics:
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0  09-Sep-25  Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

Microsoft's exploitability assessment for this vulnerability, and whether it had been publicly disclosed or exploited when the advisory was published:

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following table lists the affected software for CVE-2025-54103. Each entry gives, in order: Product; KB Article (one or more updates); Severity; Impact; Supersedence (the KB each listed update replaces, in the same order as the KB articles); CVSS Score Set (Base, Temporal and Vector lines); Fixed Build (in the same order as the KB articles where more than one is listed); Restart Required; Known Issue.
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) Important Elevation of Privilege 5063878; 5064010
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584; 10.0.26100.6508
Yes None

Acknowledgements

CVE-2025-54103: Taewoo (Tae_ω02)


CVE-2025-54104 - Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54104 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 highest base score 6.7 / temporal score 5.8
Base score metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics:
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.


According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?

To successfully exploit the vulnerability, an attacker must be part of a specific user group.


Mitigations:
None
Workarounds:
None
Revision:
1.0  09-Sep-25  Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

Microsoft's exploitability assessment for this vulnerability, and whether it had been publicly disclosed or exploited when the advisory was published:

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following table lists the affected software for CVE-2025-54104. Each entry gives, in order: Product; KB Article (one or more updates); Severity; Impact; Supersedence (the KB each listed update replaces, in the same order as the KB articles); CVSS Score Set (Base, Temporal and Vector lines); Fixed Build (in the same order as the KB articles where more than one is listed); Restart Required; Known Issue.
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE-2025-54104: k0shl with Kunlun Lab


CVE-2025-54105 - Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54105
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations: None
Workarounds: None
Revision: 1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important | Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54105
CVSS Score Set (identical for every row below): Base 7.0 / Temporal 6.1 / Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-54105: ChenJian with Sea Security Orca Team


CVE-2025-54107 - MapUrlToZone Security Feature Bypass Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54107
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 4.3 / Temporal Score: 3.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.


FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited the vulnerability could bypass the MapUrlToZone method.


The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted directory or file path to be compromised by the attacker.


Mitigations: None
Workarounds: None
Revision: 1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important | Vulnerability Impact: Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54107
CVSS Score Set (identical for every row below): Base 4.3 / Temporal 3.8 / Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Security Feature Bypass | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Security Feature Bypass | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only); 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888; 5060996 | 6.0.6003.23529; 1.000 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only); 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888; 5060996 | 6.0.6003.23529; 1.000 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup); 5065511 (Security Only); 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888; 5060996 | 6.0.6003.23529; 1.000 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup); 5065511 (Security Only); 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888; 5060996 | 6.0.6003.23529; 1.000 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065435 (IE Cumulative); 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Security Feature Bypass | 5060996; 5063947 | 1.000; 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065435 (IE Cumulative); 5065468 (Monthly Rollup); 5065510 (Security Only) | Important | Security Feature Bypass | 5060996; 5063947 | 1.000; 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065435 (IE Cumulative); 5065509 (Monthly Rollup) | Important | Security Feature Bypass | 5060996; 5063906 | 1.000; 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065435 (IE Cumulative); 5065509 (Monthly Rollup) | Important | Security Feature Bypass | 5060996; 5063906 | 1.000; 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065435 (IE Cumulative); 5065507 (Monthly Rollup) | Important | Security Feature Bypass | 5060996; 5063950 | 1.000; 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065435 (IE Cumulative); 5065507 (Monthly Rollup) | Important | Security Feature Bypass | 5060996; 5063950 | 1.000; 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Security Feature Bypass | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-54107: Eric Lawrence with Microsoft Defender for Endpoint




CVE-2025-54108 - Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54108
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 7.0 / Temporal Score: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations: None
Workarounds: None
Revision: 1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important | Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54108
CVSS Score Set (identical for every row below): Base 7.0 / Temporal 6.1 / Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-54108: Azure Yang with Kunlun Lab


CVE-2025-54109 - Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54109
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest Base Score: 6.7 / Temporal Score: 5.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.


According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?

To successfully exploit the vulnerability, an attacker must be part of a specific user group.


Mitigations: None
Workarounds: None
Revision: 1.0 | 09-Sep-25 | Information published.


Maximum Severity Rating: Important | Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54109
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880, 5063812 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880, 5063812 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 6.7, Temporal: 5.8, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54109 | k0shl with Kunlun Lab


CVE-2025-54112 - Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54112 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

CVSS:3.1 Highest BaseScore: 7.0 / TemporalScore: 6.1
Base score metrics: Attack Vector: Local; Attack Complexity: High; Privileges Required: Low; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
Temporal score metrics: Exploit Code Maturity: Unproven; Remediation Level: Official Fix; Report Confidence: Confirmed

Executive Summary:

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.


Mitigations:
None
Workarounds:
None
Revision: 1.0 | 09-Sep-25 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54112
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880, 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880, 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54112 | her0m4nt


CVE-2025-54113 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE ID: CVE-2025-54113 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS:3.1 Highest BaseScore: 8.8 / TemporalScore: 7.7
Base score metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
Temporal score metrics: Exploit Code Maturity: Unproven; Remediation Level: Official Fix; Report Confidence: Confirmed

Executive Summary:

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.


FAQ:

According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?

Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.


How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision: 1.0 | 09-Sep-25 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Unlikely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54113
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Remote Code Execution | 5063888 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Remote Code Execution | 5063888 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Remote Code Execution | 5063888 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Remote Code Execution | 5063888 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Remote Code Execution | 5063947 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Remote Code Execution | 5063947 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Remote Code Execution | 5063906 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Remote Code Execution | 5063906 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Remote Code Execution | 5063950 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Remote Code Execution | 5063950 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Remote Code Execution | 5063871 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Remote Code Execution | 5063877 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063880, 5063812 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063880, 5063812 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Remote Code Execution | 5063899 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063878, 5064010 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5063878, 5064010 | Base: 8.8, Temporal: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54113 | Anonymous


CVE-2025-54114 - Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

CVE ID: CVE-2025-54114 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

CVSS:3.1 Highest BaseScore: 7.0 / TemporalScore: 6.1
Base score metrics: Attack Vector: Local; Attack Complexity: High; Privileges Required: Low; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
Temporal score metrics: Exploit Code Maturity: Unproven; Remediation Level: Official Fix; Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision: 1.0 | 09-Sep-25 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54114
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Denial of Service | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Denial of Service | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Denial of Service | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Denial of Service | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Denial of Service | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Denial of Service | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Denial of Service | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Denial of Service | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Denial of Service | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Denial of Service | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Denial of Service | 5063871 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063880, 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063880, 5063812 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Denial of Service | 5063899 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Denial of Service | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54114 | Zhang WangJunJie, He YiSheng with Hillstone Networks Security Research Institute


CVE-2025-54115 - Windows Hyper-V Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54115 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability

CVSS:3.1 Highest BaseScore: 7.0 / TemporalScore: 6.1
Base score metrics: Attack Vector: Local; Attack Complexity: High; Privileges Required: Low; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
Temporal score metrics: Exploit Code Maturity: Unproven; Remediation Level: Official Fix; Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision: 1.0 | 09-Sep-25 | Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54115
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base: 7.0, Temporal: 6.1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE-2025-54115: hazard


CVE-2025-54116 - Windows MultiPoint Services Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54116 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows MultiPoint Services Elevation of Privilege Vulnerability
CVSS:
CVSS:3.1 highest base score 7.3 / temporal score 6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker would be able to delete any system files.


According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

An authorized attacker must send the user a malicious file and convince the user to open it.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54116
CVSS score set (the same for every row of this table): Base 7.3, Temporal 6.4, Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Where a row lists two KB articles, the supersedence and fixed build entries are given in the same order.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update); 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880; 5063812 | 10.0.20348.4171; 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None

Acknowledgements

CVE-2025-54116: BochengXiang(@Crispr) with FDU


CVE-2025-54900 - Microsoft Excel Remote Code Execution Vulnerability

CVE ID: CVE-2025-54900 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:
CVSS:3.1 highest base score 7.8 / temporal score 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.


FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user needs to be tricked into running malicious files.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Unlikely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54900
CVSS score set (the same for every row of this table): Base 7.8, Temporal 6.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Cells left empty below are empty in the source table as well.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Excel 2016 (32-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Excel 2016 (64-bit edition) | 5002782 (Security Update) | Important | Remote Code Execution | 5002758 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | | Important | Remote Code Execution | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | | Important | Remote Code Execution | None | Unknown | Unknown | None
Office Online Server | 5002776 (Security Update) | Important | Remote Code Execution | 5002752 | 16.0.10417.20047 | Maybe | None

Acknowledgements

CVE-2025-54900: wh1tc with Kunlun lab & devoke & Zhiniang Peng with HUST


CVE-2025-54901 - Microsoft Excel Information Disclosure Vulnerability

CVE ID: CVE-2025-54901 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Excel Information Disclosure Vulnerability
CVSS:
CVSS:3.1 highest base score 5.5 / temporal score 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.


FAQ:

Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54901
CVSS score set (the same for every row of this table): Base 5.5, Temporal 4.8, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Cells left empty below are empty in the source table as well.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Excel 2016 (32-bit edition) | 5002762 (Security Update) | Important | Information Disclosure | 5002695 | 16.0.5517.1000 | Maybe | None
Microsoft Excel 2016 (64-bit edition) | 5002762 (Security Update) | Important | Information Disclosure | 5002695 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | | Important | Information Disclosure | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | | Important | Information Disclosure | None | Unknown | Unknown | None

Acknowledgements

CVE-2025-54901: Quan Jin with DBAPPSecurity


CVE-2025-54910 - Microsoft Office Remote Code Execution Vulnerability

CVE ID: CVE-2025-54910 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS:
CVSS:3.1 highest base score 8.4 / temporal score 7.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.


FAQ:

Are the updates for the Microsoft Office LTSC for Mac currently available?

The security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


Is the Preview Pane an attack vector for this vulnerability?

Yes, the Preview Pane is an attack vector.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


How could an attacker exploit the vulnerability?

An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54910
CVSS score set (the same for every row of this table): Base 8.4, Temporal 7.3, Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Cells left empty below are empty in the source table as well.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2016 (32-bit edition) | 5002781 (Security Update) | Critical | Remote Code Execution | 5002756 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2016 (64-bit edition) | 5002781 (Security Update) | Critical | Remote Code Execution | 5002756 | 16.0.5517.1000 | Maybe | None
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | | https://aka.ms/OfficeSecurityReleases | No | None
Microsoft Office LTSC for Mac 2021 | | Critical | Remote Code Execution | None | Unknown | Unknown | None
Microsoft Office LTSC for Mac 2024 | | Critical | Remote Code Execution | None | Unknown | Unknown | None

Acknowledgements

CVE-2025-54910: Li Shuang, willJ and Guang Gong with Vulnerability Research Institute


CVE-2025-54911 - Windows BitLocker Elevation of Privilege Vulnerability

CVE ID: CVE-2025-54911 (references: MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows BitLocker Elevation of Privilege Vulnerability
CVSS:
CVSS:3.1 highest base score 7.3 / temporal score 6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.


Mitigations:
None
Workarounds:
None
Revision: 1.0, 09-Sep-25: Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54911
CVSS score set (the same for every row of this table): Base 7.3, Temporal 6.4, Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Where a row lists two KB articles, the supersedence and fixed build entries are given in the same order.

Product | KB Article | Severity | Impact | Supersedence | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update); 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878; 5064010 | 10.0.26100.6584; 10.0.26100.6508 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54911 Hussein Alrubaye with Microsoft


CVE-2025-54912 - Windows BitLocker Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54912
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows BitLocker Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54912
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54912 Hussein Alrubaye with Microsoft


CVE-2025-54915 - Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54915
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.


FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.


According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?

To successfully exploit the vulnerability, an attacker must be part of a specific user group.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54915
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Elevation of Privilege 5063889
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 Version 1607 for 32-bit Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1607 for x64-based Systems 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows 10 Version 1809 for 32-bit Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 1809 for x64-based Systems 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows 10 Version 21H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 21H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.6332
Yes None
Windows 10 Version 22H2 for 32-bit Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for ARM64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 10 Version 22H2 for x64-based Systems 5065429 (Security Update) Important Elevation of Privilege 5063709
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.6332
Yes None
Windows 11 Version 22H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 22H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.5909
Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 23H2 for x64-based Systems 5065431 (Security Update) Important Elevation of Privilege 5063875
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.5909
Yes None
Windows 11 Version 24H2 for ARM64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows 11 Version 24H2 for x64-based Systems 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5065508 (Monthly Rollup)
5065511 (Security Only)
Important Elevation of Privilege 5063888
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23529
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5065468 (Monthly Rollup)
5065510 (Security Only)
Important Elevation of Privilege 5063947
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27929
Yes None
Windows Server 2012 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 (Server Core installation) 5065509 (Monthly Rollup) Important Elevation of Privilege 5063906
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25675
Yes None
Windows Server 2012 R2 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2012 R2 (Server Core installation) 5065507 (Monthly Rollup) Important Elevation of Privilege 5063950
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22774
Yes None
Windows Server 2016 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2016 (Server Core installation) 5065427 (Security Update) Important Elevation of Privilege 5063871
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.8422
Yes None
Windows Server 2019 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2019 (Server Core installation) 5065428 (Security Update) Important Elevation of Privilege 5063877
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.7792
Yes None
Windows Server 2022 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022 (Server Core installation) 5065432 (Security Update)
5065306 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063880

5063812
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.4171

10.0.20348.4106
Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5065425 (Security Update) Important Elevation of Privilege 5063899
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1849
Yes None
Windows Server 2025 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None
Windows Server 2025 (Server Core installation) 5065426 (Security Update)
5065474 (SecurityHotpatchUpdate)
Important Elevation of Privilege 5063878

5064010
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.6584

10.0.26100.6508
Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54915 k0shl with Kunlun Lab


CVE-2025-54917 - MapUrlToZone Security Feature Bypass Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54917
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.


FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted drive path to be compromised by the attacker.


The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54917
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5065430 (Security Update) Important Security Feature Bypass 5063889
Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
Windows 10 for x64-based Systems 5065430 (Security Update) Important Security Feature Bypass 5063889
Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.21128
Yes None
(table continued)
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Security Feature Bypass | 5063709 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Security Feature Bypass | 5063875 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878, 5064010 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878, 5064010 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only), 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888, 5060996 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529, 1.000 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only), 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888, 5060996 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529, 1.000 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only), 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888, 5060996 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529, 1.000 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only), 5065435 (IE Cumulative) | Important | Security Feature Bypass | 5063888, 5060996 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 6.0.6003.23529, 1.000 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065435 (IE Cumulative), 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Security Feature Bypass | 5060996, 5063947 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 1.000, 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065435 (IE Cumulative), 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Security Feature Bypass | 5060996, 5063947 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 1.000, 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065435 (IE Cumulative), 5065509 (Monthly Rollup) | Important | Security Feature Bypass | 5060996, 5063906 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 1.000, 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065435 (IE Cumulative), 5065509 (Monthly Rollup) | Important | Security Feature Bypass | 5060996, 5063906 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 1.000, 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065435 (IE Cumulative), 5065507 (Monthly Rollup) | Important | Security Feature Bypass | 5060996, 5063950 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 1.000, 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065435 (IE Cumulative), 5065507 (Monthly Rollup) | Important | Security Feature Bypass | 5060996, 5063950 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 1.000, 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Security Feature Bypass | 5063871 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Security Feature Bypass | 5063877 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063880, 5063812 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063880, 5063812 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Security Feature Bypass | 5063899 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878, 5064010 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Security Feature Bypass | 5063878, 5064010 | Base 4.3, Temporal 3.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-54917 | Ben Lichtman; George Hughey with MSRC Vulnerabilities & Mitigations


CVE-2025-55224 - Windows Hyper-V Remote Code Execution Vulnerability

CVE ID: CVE-2025-55224 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows Hyper-V Remote Code Execution Vulnerability

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8

Base score metrics:
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Temporal score metrics:
  • Exploit Code Maturity: Unproven
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed

Executive Summary:

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.


FAQ:

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word "Remote" in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally: the vulnerable endpoint is only reachable over the local VM interface, because all external communication is blocked, so an attacker needs to execute code on the local machine to exploit the vulnerability.


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision: 1.0 (09-Sep-25): Information published.


Maximum Severity Rating: Critical | Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55224
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Critical | Remote Code Execution | 5063709 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Critical | Remote Code Execution | 5063875 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878, 5064010 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878, 5064010 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Critical | Remote Code Execution | 5063877 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880, 5063812 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063880, 5063812 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Critical | Remote Code Execution | 5063899 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878, 5064010 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Critical | Remote Code Execution | 5063878, 5064010 | Base 7.8, Temporal 6.8, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55224 | b2ahex; cyanbamboo


CVE-2025-55227 - Microsoft SQL Server Elevation of Privilege Vulnerability

CVE ID: CVE-2025-55227 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7

Base score metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Temporal score metrics:
  • Exploit Code Maturity: Unproven
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed

Executive Summary:

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.


FAQ:

How could an attacker exploit the vulnerability?

An authorized attacker could inject SQL code and run it with elevated privileges at table creation.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain sysadmin privileges.


I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.

Update Number | Title | Version | Apply if current product version is... | This security update also includes servicing releases up through...
5065220 | Security update for SQL Server 2022 CU20+GDR | 16.0.4212.1 | 16.0.4003.1 - 16.0.4210.1 | KB 5063814 - SQL2022 RTM CU20
5065221 | Security update for SQL Server 2022 RTM+GDR | 16.0.1150.1 | 16.0.1000.6 - 16.0.1145.1 | KB 5063756 - Previous SQL2022 RTM GDR
5065222 | Security update for SQL Server 2019 CU32+GDR | 15.0.4445.1 | 15.0.4003.23 - 15.0.4440.1 | KB 5063757 - Previous SQL2019 RTM CU32 GDR
5065223 | Security update for SQL Server 2019 RTM+GDR | 15.0.2145.1 | 15.0.2000.5 - 15.0.2140.1 | KB 5063758 - Previous SQL2019 RTM GDR
5065225 | Security update for SQL Server 2017 CU31+GDR | 14.0.3505.1 | 14.0.3006.16 - 14.0.3500.1 | KB 5063759 - Previous SQL2017 RTM CU31 GDR
5065224 | Security update for SQL Server 2017 RTM+GDR | 14.0.2085.1 | 14.0.1000.169 - 14.0.2080.1 | KB 5063760 - Previous SQL2017 RTM GDR
5065227 | Security update for SQL 2016 Azure Connect Feature Pack | 13.0.7065.1 | 13.0.7000.253 - 13.0.7060.1 | KB 5063761 - Previous SQL2016 Azure Connect Feature Pack GDR
5065226 | Security update for SQL Server 2016 SP3 RTM+GDR | 13.0.6470.1 | 13.0.6300.2 - 13.0.6465.1 | KB 5063762 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively contain only the security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If the SQL Server installation is at a baseline version, you can choose either the GDR or the CU update.
  • If the SQL Server installation has intentionally only had past GDR updates installed, install the GDR update package.
  • If the SQL Server installation has intentionally had previous CU updates installed, install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision: 1.0 (09-Sep-25): Information published.


Maximum Severity Rating: Important | Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation Less Likely | Publicly Disclosed: No | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55227
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | 5065226 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.6470.1 | Maybe | None
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | 5065227 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 13.0.7065.1 | Maybe | None
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | 5065225 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.3505.1 | Maybe | None
Microsoft SQL Server 2017 for x64-based Systems (GDR) | 5065224 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 14.0.2085.1 | Maybe | None
Microsoft SQL Server 2019 for x64-based Systems (CU 32) | 5065222 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.4445.1 | Maybe | None
Microsoft SQL Server 2019 for x64-based Systems (GDR) | 5065223 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.0.2145.1 | Maybe | None
Microsoft SQL Server 2022 for x64-based Systems (CU 20) | 5065220 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.4212.1 | Maybe | None
Microsoft SQL Server 2022 for x64-based Systems (GDR) | 5065221 (Security Update) | Important | Elevation of Privilege | | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.1150.1 | Maybe | None

Acknowledgements

CVE ID | Acknowledgements
CVE-2025-55227 | Martin Rakhmanov and Albin Vattakattu


CVE-2025-55234 - Windows SMB Elevation of Privilege Vulnerability

CVE ID: CVE-2025-55234 (MITRE, NVD)

Issuing CNA: Microsoft

CVE Title: Windows SMB Elevation of Privilege Vulnerability

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7

Base score metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Temporal score metrics:
  • Exploit Code Maturity: Unproven
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed

Executive Summary:

Depending on its configuration, SMB Server might be susceptible to relay attacks. An attacker who successfully exploited this weakness could perform relay attacks and thereby expose users to elevation of privilege attacks.

The SMB Server already supports mechanisms for hardening against relay attacks:

  • SMB Server signing
  • SMB Server Extended Protection for Authentication (EPA)

Microsoft is releasing this CVE to give customers audit capabilities, so that they can assess their environment and identify any potential device or software incompatibility issues before deploying the SMB Server hardening measures that protect against relay attacks.

If you have not already enabled SMB Server hardening measures, Microsoft advises taking the following actions to be protected from these relay attacks:


FAQ:

Are there any further actions I need to take to be protected from relay attacks?

The security updates released on September 9, 2025 enable support for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA. This allows customers to assess their environment and identify any potential device or software incompatibility issues before deploying the hardening measures that are already supported by SMB Server. Please see https://support.microsoft.com/help/5066913 for more information.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.


Mitigations:
None
Workarounds:
None
Revision: 1.0 (09-Sep-25): Information published.


Maximum Severity Rating: Important | Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: Exploitation More Likely | Publicly Disclosed: Yes | Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55234
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Windows 10 for 32-bit Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 for x64-based Systems | 5065430 (Security Update) | Important | Elevation of Privilege | 5063889 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.21128 | Yes | None
Windows 10 Version 1607 for 32-bit Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1607 for x64-based Systems | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows 10 Version 1809 for 32-bit Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 1809 for x64-based Systems | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows 10 Version 21H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 21H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.6332 | Yes | None
Windows 10 Version 22H2 for 32-bit Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for ARM64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 10 Version 22H2 for x64-based Systems | 5065429 (Security Update) | Important | Elevation of Privilege | 5063709 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.6332 | Yes | None
Windows 11 Version 22H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 22H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.5909 | Yes | None
Windows 11 Version 23H2 for ARM64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 23H2 for x64-based Systems | 5065431 (Security Update) | Important | Elevation of Privilege | 5063875 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.5909 | Yes | None
Windows 11 Version 24H2 for ARM64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows 11 Version 24H2 for x64-based Systems | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5065508 (Monthly Rollup), 5065511 (Security Only) | Important | Elevation of Privilege | 5063888 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.23529 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5065468 (Monthly Rollup), 5065510 (Security Only) | Important | Elevation of Privilege | 5063947 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27929 | Yes | None
Windows Server 2012 | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 (Server Core installation) | 5065509 (Monthly Rollup) | Important | Elevation of Privilege | 5063906 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.25675 | Yes | None
Windows Server 2012 R2 | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2012 R2 (Server Core installation) | 5065507 (Monthly Rollup) | Important | Elevation of Privilege | 5063950 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.22774 | Yes | None
Windows Server 2016 | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2016 (Server Core installation) | 5065427 (Security Update) | Important | Elevation of Privilege | 5063871 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.8422 | Yes | None
Windows Server 2019 | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2019 (Server Core installation) | 5065428 (Security Update) | Important | Elevation of Privilege | 5063877 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.7792 | Yes | None
Windows Server 2022 | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880, 5063812 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022 (Server Core installation) | 5065432 (Security Update), 5065306 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063880, 5063812 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.4171, 10.0.20348.4106 | Yes | None
Windows Server 2022, 23H2 Edition (Server Core installation) | 5065425 (Security Update) | Important | Elevation of Privilege | 5063899 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.1849 | Yes | None
Windows Server 2025 | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None
Windows Server 2025 (Server Core installation) | 5065426 (Security Update), 5065474 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5063878, 5064010 | Base 8.8, Temporal 7.7, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.26100.6584, 10.0.26100.6508 | Yes | None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55234 Anonymous


Anonymous


CVE-2024-21907 - VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21907
MITRE
NVD

Issuing CNA: VulnCheck

CVE Title: VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
CVSS:
None
Executive Summary:

CVE-2024-21907 addresses an improper handling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data passed to the JsonConvert.DeserializeObject method may trigger a StackOverflowException, resulting in denial of service. Depending on how the library is used, an unauthenticated remote attacker may be able to cause the denial of service condition. The SQL Server updates documented below incorporate a Newtonsoft.Json update that addresses this vulnerability.

Please see CVE-2024-21907 for more information.
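
The failure described above is a recursion-depth problem: a recursive-descent deserializer consumes one stack frame per nesting level, so an input of tens of thousands of nested arrays exhausts the thread stack, and in .NET a StackOverflowException cannot be caught and terminates the process. The fix pattern is to bound nesting depth before or during parsing; Newtonsoft.Json exposes this as JsonSerializerSettings.MaxDepth, and release 13.0.1 made 64 the default. The following Python script is an added, language-neutral illustration of that pattern and is not Newtonsoft.Json or SQL Server code: nesting_depth scans the raw text iteratively (skipping brackets that sit inside string literals, which a naive bracket count gets wrong), safe_loads rejects over-nested input before handing it to the real parser, and naive_depth shows the recursive shape that a constructed payload drives off the stack. The function names, the 64 limit and the sample payloads are this example's own assumptions.

```python
import json


def nesting_depth(text):
    """Maximum bracket/brace nesting of a JSON document, measured in a single
    iterative pass so the check itself can never overflow the stack.
    Brackets inside string literals are ignored, including after escaped quotes."""
    depth = max_depth = 0
    in_string = False
    escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False          # character after a backslash is literal
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                max_depth = depth
        elif ch in "]}":
            depth -= 1
    return max_depth


def safe_loads(text, max_depth=64):
    """Bound nesting depth before the recursive parser sees the input.
    64 is an assumed limit, chosen to match the Newtonsoft.Json 13.0.1 default."""
    depth = nesting_depth(text)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return json.loads(text)


def naive_depth(value):
    """Recursive walk over a parsed document: one frame per nesting level,
    the same shape as a deserializer with no depth limit."""
    if isinstance(value, list):
        return 1 + max((naive_depth(v) for v in value), default=0)
    if isinstance(value, dict):
        return 1 + max((naive_depth(v) for v in value.values()), default=0)
    return 0


def overflows(value):
    """True when the recursive walk exhausts the interpreter's stack guard
    (Python raises RecursionError where .NET would terminate the process)."""
    try:
        naive_depth(value)
        return False
    except RecursionError:
        return True


def deeply_nested(n):
    """Constructed attacker payload: n nested arrays around a single scalar."""
    return "[" * n + "0" + "]" * n


def build_nested(n):
    """Constructed in-memory equivalent of deeply_nested(n), built without recursion."""
    value = 0
    for _ in range(n):
        value = [value]
    return value


if __name__ == "__main__":
    hostile = deeply_nested(100_000)
    print("payload depth:", nesting_depth(hostile))        # cheap, iterative
    try:
        safe_loads(hostile)
    except ValueError as exc:
        print("rejected before parsing:", exc)
    print("recursive walk of 5000 levels overflows:", overflows(build_nested(5000)))
    print("64 levels parse fine:", naive_depth(safe_loads(deeply_nested(64))))
```

The important design choice is that the guard runs over the raw bytes before any recursive code touches them; a limit enforced only inside the recursive descent still spends one frame per level until it trips, which is fine at 64 but is exactly the code path that fails when no limit exists.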


FAQ:

I am running SQL Server on my system. What action do I need to take?

Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.

There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?

  • First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.
  • Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.

Update Number Title Version Apply if current product version is… This security update also includes servicing releases up through…
5065220 Security update for SQL Server 2022 CU20+GDR 16.0.4212.1 16.0.4003.1 - 16.0.4210.1 KB 5063814 - SQL2022 RTM CU20
5065221 Security update for SQL Server 2022 RTM+GDR 16.0.1150.1 16.0.1000.6 - 16.0.1145.1 KB 5063756 - Previous SQL2022 RTM GDR
5065222 Security update for SQL Server 2019 CU32+GDR 15.0.4445.1 15.0.4003.23 - 15.0.4440.1 KB 5063757 - Previous SQL2019 RTM CU32 GDR
5065223 Security update for SQL Server 2019 RTM+GDR 15.0.2145.1 15.0.2000.5 - 15.0.2140.1 KB 5063758 - Previous SQL2019 RTM GDR
5065225 Security update for SQL Server 2017 CU31+GDR 14.0.3505.1 14.0.3006.16 - 14.0.3500.1 KB 5063759 - Previous SQL2017 RTM CU31 GDR
5065224 Security update for SQL Server 2017 RTM+GDR 14.0.2085.1 14.0.1000.169 - 14.0.2080.1 KB 5063760 - Previous SQL2017 RTM GDR
5065227 Security update for SQL 2016 Azure Connect Feature Pack 13.0.7065.1 13.0.7000.253 - 13.0.7060.1 KB 5063761 - Previous SQL2016 Azure Connect Feature Pack GDR
5065226 Security update for SQL Server 2016 SP3 RTM+GDR 13.0.6470.1 13.0.6300.2 - 13.0.6465.1 KB 5063762 - Previous SQL2016 RTM GDR

What are the GDR and CU update designations and how do they differ?

The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.

  • GDR updates – cumulatively only contain security updates for the given baseline.
  • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

For any given baseline, either the GDR or CU updates could be options (see below).

  • If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.
  • If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.
  • If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

Note: You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.
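
As an added example (not part of the advisory text), the following Python script turns the procedure above into a repeatable check: it takes the four-part ProductVersion an instance reports for SELECT SERVERPROPERTY('ProductVersion'), compares it numerically against the "Apply if current product version is" ranges transcribed from the table, and reports which KB applies, whether the instance already sits on that update's fixed build, whether it is on a later build of the same GDR or CU branch, or whether the build falls outside every supported range (the situation the note above the table describes). The table rows are transcribed from the page; the function names, status labels and sample versions are this example's own.

```python
import re

# Servicing table from the CVE-2024-21907 FAQ, transcribed as data:
# (KB number, title, build after applying, lowest applicable build, highest applicable build)
SQL_UPDATES = [
    ("5065220", "SQL Server 2022 CU20+GDR",              "16.0.4212.1", "16.0.4003.1",   "16.0.4210.1"),
    ("5065221", "SQL Server 2022 RTM+GDR",               "16.0.1150.1", "16.0.1000.6",   "16.0.1145.1"),
    ("5065222", "SQL Server 2019 CU32+GDR",              "15.0.4445.1", "15.0.4003.23",  "15.0.4440.1"),
    ("5065223", "SQL Server 2019 RTM+GDR",               "15.0.2145.1", "15.0.2000.5",   "15.0.2140.1"),
    ("5065225", "SQL Server 2017 CU31+GDR",              "14.0.3505.1", "14.0.3006.16",  "14.0.3500.1"),
    ("5065224", "SQL Server 2017 RTM+GDR",               "14.0.2085.1", "14.0.1000.169", "14.0.2080.1"),
    ("5065227", "SQL 2016 Azure Connect Feature Pack",   "13.0.7065.1", "13.0.7000.253", "13.0.7060.1"),
    ("5065226", "SQL Server 2016 SP3 RTM+GDR",           "13.0.6470.1", "13.0.6300.2",   "13.0.6465.1"),
]

_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_version(text):
    """'15.0.4003.23' -> (15, 0, 4003, 23). Integer tuples compare numerically,
    which is what a build-range check needs; comparing the strings would not."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a four-part SQL Server build number: {text!r}")
    return tuple(int(part) for part in text.split("."))


def assess(product_version):
    """Classify an instance's ProductVersion against the table.

    status is one of:
      'update-required'  the build is inside a row's 'apply if' range; install that KB
      'patched'          the build already equals a row's fixed build
      'newer'            the build is later than a row's fixed build on the same
                         servicing branch (a later CU/GDR; consult its own advisory)
      'unsupported'      no row covers this build (see the note above the table)
    """
    v = parse_version(product_version)
    for kb, title, fixed, low, high in SQL_UPDATES:
        if parse_version(low) <= v <= parse_version(high):
            return {"status": "update-required", "kb": kb, "title": title, "fixed": fixed}

    # Not inside any range: find the highest fixed build on the same major.minor
    # line that this build has reached. That row is the branch (GDR or CU) the
    # instance is on, and tells patched from merely newer.
    best = None
    for row in SQL_UPDATES:
        fixed = parse_version(row[2])
        if fixed[:2] == v[:2] and fixed <= v:
            if best is None or fixed > parse_version(best[2]):
                best = row
    if best is None:
        return {"status": "unsupported", "kb": None, "title": None, "fixed": None}
    kb, title, fixed, _, _ = best
    status = "patched" if v == parse_version(fixed) else "newer"
    return {"status": status, "kb": kb, "title": title, "fixed": fixed}


if __name__ == "__main__":
    # Constructed sample versions; on a real instance feed in the value of
    # SELECT SERVERPROPERTY('ProductVersion').
    for sample in ("15.0.4003.23", "16.0.4212.1", "15.0.4450.1", "14.0.2000.8", "12.0.6433.1"):
        print(sample, assess(sample))
```

Because the CU and GDR rows for one product line never overlap, the first loop can stop at the first matching range, and the branch an instance is on falls out of the build number alone; this is also why, per the note above, an instance that has moved to the CU branch is never matched back to a GDR row.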

Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?

Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.


Mitigations:
None
Workarounds:
None
Revision:
1.0    09-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21907
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) 5065226 (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
13.0.6470.1
Maybe None
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack 5065227 (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
13.0.7065.1
Maybe None
Microsoft SQL Server 2017 for x64-based Systems (CU 31) 5065225 (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
14.0.3505.1
Maybe None
Microsoft SQL Server 2017 for x64-based Systems (GDR) 5065224 (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
14.0.2085.1
Maybe None
Microsoft SQL Server 2019 for x64-based Systems (CU 32) 5065222 (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
15.0.4445.1
Maybe None
Microsoft SQL Server 2019 for x64-based Systems (GDR) 5065223 (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
15.0.2145.1
Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21907 None

CVE-2025-9867 - Chromium: CVE-2025-9867 Inappropriate implementation in Downloads

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-9867
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2025-9867 Inappropriate implementation in Downloads
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
140.0.3485.54 09/05/2025 140.0.7339.80/.81

Mitigations:
None
Workarounds:
None
Revision:
1.0    05-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-9867
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
140.0.3485.54
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-9867 None

CVE-2025-9866 - Chromium: CVE-2025-9866 Inappropriate implementation in Extensions

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-9866
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2025-9866 Inappropriate implementation in Extensions
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
140.0.3485.54 09/05/2025 140.0.7339.80/.81

Mitigations:
None
Workarounds:
None
Revision:
1.0    05-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-9866
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
140.0.3485.54
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-9866 None

CVE-2025-9865 - Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-9865
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
140.0.3485.54 09/05/2025 140.0.7339.80/.81

Mitigations:
None
Workarounds:
None
Revision:
1.0    05-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-9865
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
140.0.3485.54
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-9865 None

CVE-2025-9864 - Chromium: CVE-2025-9864 Use after free in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-9864
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2025-9864 Use after free in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
140.0.3485.54 09/05/2025 140.0.7339.80/.81

Mitigations:
None
Workarounds:
None
Revision:
1.0    05-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-9864
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
140.0.3485.54
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-9864 None

CVE-2025-53791 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-53791
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.7 / Temporal Score: 4.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.


FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to enable Edge Split Screen mode, have a specific configuration, and run multiple pages.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?

An attacker who successfully exploited the vulnerability could:

  • Run scripts that read a token from the parent web page's DOM (Confidentiality)
  • Modify JavaScript in the parent window (Integrity)
  • But could not deny access to the resource (Availability)

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to open a web page that contained a malicious iframe.


What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
140.0.3485.54 09/05/2025 140.0.7339.80/.81

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could break the iframe sandbox and allow an iframe to interact with the parent DOM.


Mitigations:
None
Workarounds:
None
Revision:
1.0    05-Sep-25    

Information published.


Moderate Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-53791
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Moderate Security Feature Bypass Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
140.0.3485.54
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-53791 Mingi Jung with WebSec


CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55241
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Entra Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 9.0 / Temporal Score: 7.8
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Azure Entra Elevation of Privilege Vulnerability


FAQ:

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    04-Sep-25    

Information published.


Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55241
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Entra ID Critical Elevation of Privilege None Base: 9.0
Temporal: 7.8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55241 Dirk-jan Mollema with Outsider Security


CVE-2025-55242 - Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55242
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 5.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.


FAQ:

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    04-Sep-25    

Information published.


Critical Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55242
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Xbox Gaming Services Critical Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55242 cixtor.com with Big Tech


CVE-2025-54914 - Azure Networking Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-54914
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Networking Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 10.0 / Temporal Score: 8.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    04-Sep-25    

Information published.


Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-54914
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Networking Critical Elevation of Privilege None Base: 10.0
Temporal: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-54914 Ziv Somech with Microsoft


Shimi Gersner with Microsoft


Shahar Zelig with Microsoft


Stav Nir with Microsoft


CVE-2025-55238 - Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55238
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    04-Sep-25    

Information published.


Critical Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55238
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Dynamics 365 FastTrack Implementation Critical Information Disclosure None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55238

CVE-2025-55244 - Azure Bot Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-55244
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Bot Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 9.0 / Temporal Score: 7.8
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    04-Sep-25    

Information published.


Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-55244
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Bot Service Critical Elevation of Privilege None Base: 9.0
Temporal: 7.8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-55244 bountyplz


CVE-2025-38678 - netfilter: nf_tables: reject duplicate device on updates

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38678
MITRE
NVD

Issuing CNA: Linux

CVE Title: netfilter: nf_tables: reject duplicate device on updates
CVSS:

CVSS:3.1 Highest Base Score: 6.0 / Temporal Score: 6.0
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38678
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 6.0
Temporal: 6.0
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38678 None

CVE-2025-38707 - fs/ntfs3: Add sanity check for file name

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38707
MITRE
NVD

Issuing CNA: Linux

CVE Title: fs/ntfs3: Add sanity check for file name
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38707
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38707 None

CVE-2025-38728 - smb3: fix for slab out of bounds on mount to ksmbd

CVE ID: CVE-2025-38728 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: smb3: fix for slab out of bounds on mount to ksmbd

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38728
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38728 None

CVE-2025-39731 - f2fs: vm_unmap_ram() may be called from an invalid context

CVE ID: CVE-2025-39731 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: f2fs: vm_unmap_ram() may be called from an invalid context

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39731
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-39731 None

CVE-2025-39732 - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()

CVE ID: CVE-2025-39732 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39732
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-39732 None

CVE-2025-39730 - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

CVE ID: CVE-2025-39730 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    09-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39730
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-39730 None

CVE-2025-7039 - Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()

CVE ID: CVE-2025-7039 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: redhat

CVE Title: Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()

CVSS:3.1 Highest BaseScore:3.7/TemporalScore:3.7
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    05-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-7039
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 glib 2.78.6-3 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
No None
cbl2 glib 2.71.0-5 on CBL Mariner 2.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-7039 None

CVE-2025-38688 - iommufd: Prevent ALIGN() overflow

CVE ID: CVE-2025-38688 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: iommufd: Prevent ALIGN() overflow

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38688
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38688 None

CVE-2025-38718 - sctp: linearize cloned gso packets in sctp_rcv

CVE ID: CVE-2025-38718 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: sctp: linearize cloned gso packets in sctp_rcv

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38718
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38718 None

CVE-2025-38723 - LoongArch: BPF: Fix jump offset calculation in tailcall

CVE ID: CVE-2025-38723 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: LoongArch: BPF: Fix jump offset calculation in tailcall

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38723
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38723 None

CVE-2025-38685 - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit

CVE ID: CVE-2025-38685 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38685
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38685 None

CVE-2025-38696 - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO

CVE ID: CVE-2025-38696 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38696
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38696 None

CVE-2025-38691 - pNFS: Fix uninited ptr deref in block/scsi layout

CVE ID: CVE-2025-38691 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: pNFS: Fix uninited ptr deref in block/scsi layout

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38691
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38691 None

CVE-2025-38729 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too

CVE ID: CVE-2025-38729 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38729
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38729 None

CVE-2025-38680 - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()

CVE ID: CVE-2025-38680 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()

CVSS:3.1 Highest BaseScore:3.3/TemporalScore:3.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38680
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38680 None

CVE-2025-38710 - gfs2: Validate i_depth for exhash directories

CVE ID: CVE-2025-38710 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: gfs2: Validate i_depth for exhash directories

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38710
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38710 None

CVE-2025-38709 - loop: Avoid updating block size under exclusive owner

CVE ID: CVE-2025-38709 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: loop: Avoid updating block size under exclusive owner

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38709
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38709 None

CVE-2025-38681 - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

CVE ID: CVE-2025-38681 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38681
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38681 None

CVE-2025-38695 - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure

CVE ID: CVE-2025-38695 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure

CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38695
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38695 None

CVE-2025-38698 - jfs: Regular file corruption check

CVE ID: CVE-2025-38698 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: jfs: Regular file corruption check

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38698
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.1
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38698 None

CVE-2025-38708 - drbd: add missing kref_get in handle_write_conflicts

CVE ID: CVE-2025-38708 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: drbd: add missing kref_get in handle_write_conflicts

CVSS:3.1 Highest BaseScore:6.3/TemporalScore:6.3
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38708
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 6.3
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38708 None

CVE-2025-38715 - hfs: fix slab-out-of-bounds in hfs_bnode_read()

CVE ID: CVE-2025-38715 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Issuing CNA: Linux

CVE Title: hfs: fix slab-out-of-bounds in hfs_bnode_read()

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    06-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38715
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38715 None

CVE-2025-38730 - io_uring/net: commit partial buffers on retry

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38730
MITRE
NVD

Issuing CNA: Linux

CVE Title: io_uring/net: commit partial buffers on retry
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38730
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38730 None

CVE-2025-38714 - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38714
MITRE
NVD

Issuing CNA: Linux

CVE Title: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
CVSS: 3.1 Highest Base Score: 9.0 / Temporal Score: 8.2
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38714
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 9.0
Temporal: 8.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38714 None

CVE-2025-38697 - jfs: upper bound check of tree index in dbAllocAG

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38697
MITRE
NVD

Issuing CNA: Linux

CVE Title: jfs: upper bound check of tree index in dbAllocAG
CVSS: 3.1 Highest Base Score: 7.1 / Temporal Score: 7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38697
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38697 None

CVE-2025-38684 - net/sched: ets: use old 'nbands' while purging unused classes

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38684
MITRE
NVD

Issuing CNA: Linux

CVE Title: net/sched: ets: use old 'nbands' while purging unused classes
CVSS: 3.1 Highest Base Score: 7.0 / Temporal Score: 7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38684
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38684 None

CVE-2025-38716 - hfs: fix general protection fault in hfs_find_init()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38716
MITRE
NVD

Issuing CNA: Linux

CVE Title: hfs: fix general protection fault in hfs_find_init()
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38716
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38716 None

CVE-2025-38699 - scsi: bfa: Double-free fix

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38699
MITRE
NVD

Issuing CNA: Linux

CVE Title: scsi: bfa: Double-free fix
CVSS: 3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38699
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38699 None

CVE-2025-38705 - drm/amd/pm: fix null pointer access

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38705
MITRE
NVD

Issuing CNA: Linux

CVE Title: drm/amd/pm: fix null pointer access
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38705
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38705 None

CVE-2025-38724 - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38724
MITRE
NVD

Issuing CNA: Linux

CVE Title: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
CVSS: 3.1 Highest Base Score: 6.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38724
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38724 None

CVE-2025-38702 - fbdev: fix potential buffer overflow in do_register_framebuffer()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38702
MITRE
NVD

Issuing CNA: Linux

CVE Title: fbdev: fix potential buffer overflow in do_register_framebuffer()
CVSS: 3.1 Highest Base Score: 7.8 / Temporal Score: 7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38702
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.8
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38702 None

CVE-2025-38687 - comedi: fix race between polling and detaching

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38687
MITRE
NVD

Issuing CNA: Linux

CVE Title: comedi: fix race between polling and detaching
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38687
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38687 None

CVE-2025-38679 - media: venus: Fix OOB read due to missing payload bound check

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38679
MITRE
NVD

Issuing CNA: Linux

CVE Title: media: venus: Fix OOB read due to missing payload bound check
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38679
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38679 None

CVE-2025-38712 - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38712
MITRE
NVD

Issuing CNA: Linux

CVE Title: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38712
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38712 None

CVE-2025-38721 - netfilter: ctnetlink: fix refcount leak on table dump

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38721
MITRE
NVD

Issuing CNA: Linux

CVE Title: netfilter: ctnetlink: fix refcount leak on table dump
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38721
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38721 None

CVE-2025-38711 - smb/server: avoid deadlock when linking with ReplaceIfExists

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38711
MITRE
NVD

Issuing CNA: Linux

CVE Title: smb/server: avoid deadlock when linking with ReplaceIfExists
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38711
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38711 None

CVE-2025-38703 - drm/xe: Make dma-fences compliant with the safe access rules

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38703
MITRE
NVD

Issuing CNA: Linux

CVE Title: drm/xe: Make dma-fences compliant with the safe access rules
CVSS: 3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38703
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38703 None

CVE-2025-38722 - habanalabs: fix UAF in export_dmabuf()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38722
MITRE
NVD

Issuing CNA: Linux

CVE Title: habanalabs: fix UAF in export_dmabuf()
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38722
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38722 None

CVE-2025-38692 - exfat: add cluster chain loop check for dir

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38692
MITRE
NVD

Issuing CNA: Linux

CVE Title: exfat: add cluster chain loop check for dir
CVSS: 3.1 Highest Base Score: 7.0 / Temporal Score: 7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38692
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 7.0
Temporal: 7.0
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38692 None

CVE-2025-38717 - net: kcm: Fix race condition in kcm_unattach()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38717
MITRE
NVD

Issuing CNA: Linux

CVE Title: net: kcm: Fix race condition in kcm_unattach()
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38717
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38717 None

CVE-2025-38725 - net: usb: asix_devices: add phy_mask for ax88772 mdio bus

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38725
MITRE
NVD

Issuing CNA: Linux

CVE Title: net: usb: asix_devices: add phy_mask for ax88772 mdio bus
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38725
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38725 None

CVE-2025-38704 - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38704
MITRE
NVD

Issuing CNA: Linux

CVE Title: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
CVSS: 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38704
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38704 None

CVE-2025-38706 - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38706
MITRE
NVD

Issuing CNA: Linux

CVE Title: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
CVSS: 3.1 Highest Base Score: 4.7 / Temporal Score: 4.7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38706
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update) Unknown Unknown Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
No None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-38706 None

CVE-2025-38701 - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-38701
MITRE
NVD

Issuing CNA: Linux

CVE Title: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
CVSS: 3.1 Highest Base Score: 7.0 / Temporal Score: 6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06-Sep-25    Information published.

Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38701
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.0 / Temporal: 6.4 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38701: None

CVE-2025-38713 - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

CVE ID: CVE-2025-38713 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

CVSS: CVSS:3.1 Highest BaseScore:6.1/TemporalScore:6.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 06-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38713
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 6.1 / Temporal: 6.1 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38713: None

CVE-2025-38700 - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

CVE ID: CVE-2025-38700 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 06-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38700
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 4.7 / Temporal: 4.7 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38700: None

CVE-2025-39703 - net, hsr: reject HSR frame if skb can't hold tag

CVE ID: CVE-2025-39703 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: net, hsr: reject HSR frame if skb can't hold tag

CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39703
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.0 / Temporal: 6.4 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39703: None

CVE-2025-39697 - NFS: Fix a race when updating an existing write

CVE ID: CVE-2025-39697 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: NFS: Fix a race when updating an existing write

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39697
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39697: None

CVE-2025-39709 - media: venus: protect against spurious interrupts during probe

CVE ID: CVE-2025-39709 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: media: venus: protect against spurious interrupts during probe

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39709
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39709: None

CVE-2025-39726 - s390/ism: fix concurrency management in ism_cmd()

CVE ID: CVE-2025-39726 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: s390/ism: fix concurrency management in ism_cmd()

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39726
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39726: None

CVE-2025-39685 - comedi: pcl726: Prevent invalid irq number

CVE ID: CVE-2025-39685 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: comedi: pcl726: Prevent invalid irq number

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39685
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39685: None

CVE-2025-39686 - comedi: Make insn_rw_emulate_bits() do insn->n samples

CVE ID: CVE-2025-39686 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: comedi: Make insn_rw_emulate_bits() do insn->n samples

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39686
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39686: None

CVE-2025-39702 - ipv6: sr: Fix MAC comparison to be constant-time

CVE ID: CVE-2025-39702 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: ipv6: sr: Fix MAC comparison to be constant-time

CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39702
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.1 / Temporal: 7.1 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39702: None

CVE-2025-39710 - media: venus: Add a check for packet size after reading from shared memory

CVE ID: CVE-2025-39710 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: media: venus: Add a check for packet size after reading from shared memory

CVSS: None

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39710
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: N/A / Temporal: N/A / Vector: N/A
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39710: None

CVE-2025-39718 - vsock/virtio: Validate length in packet header before skb_put()

CVE ID: CVE-2025-39718 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: vsock/virtio: Validate length in packet header before skb_put()

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39718
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39718: None

CVE-2025-38735 - gve: prevent ethtool ops after shutdown

CVE ID: CVE-2025-38735 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: gve: prevent ethtool ops after shutdown

CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38735
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.0 / Temporal: 7.0 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38735: None

CVE-2025-39684 - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()

CVE ID: CVE-2025-39684 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39684
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39684: None

CVE-2025-39692 - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()

CVE ID: CVE-2025-39692 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39692
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39692: None

CVE-2025-39724 - serial: 8250: fix panic due to PSLVERR

CVE ID: CVE-2025-39724 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: serial: 8250: fix panic due to PSLVERR

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39724
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39724: None

CVE-2025-39689 - ftrace: Also allocate and copy hash for reading of filter files

CVE ID: CVE-2025-39689 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: ftrace: Also allocate and copy hash for reading of filter files

CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39689
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.1 / Temporal: 6.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39689: None

CVE-2025-39720 - ksmbd: fix refcount leak causing resource not released

CVE ID: CVE-2025-39720 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: ksmbd: fix refcount leak causing resource not released

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39720
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39720: None

CVE-2025-39711 - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls

CVE ID: CVE-2025-39711 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls

CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39711
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.0 / Temporal: 7.0 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39711: None

CVE-2025-39721 - crypto: qat - flush misc workqueue during device shutdown

CVE ID: CVE-2025-39721 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: crypto: qat - flush misc workqueue during device shutdown

CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39721
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.0 / Temporal: 7.0 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39721: None

CVE-2025-39687 - iio: light: as73211: Ensure buffer holes are zeroed

CVE ID: CVE-2025-39687 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: iio: light: as73211: Ensure buffer holes are zeroed

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39687
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 5.5 / Temporal: 5.5 / Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39687: None

CVE-2025-39694 - s390/sclp: Fix SCCB present check

CVE ID: CVE-2025-39694 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: s390/sclp: Fix SCCB present check

CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39694
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (none listed)
CVSS Score Set: Base: 7.0 / Temporal: 7.0 / Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (none listed)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39694: None

CVE-2025-39693 - drm/amd/display: Avoid a NULL pointer dereference

CVE ID: CVE-2025-39693 (MITRE, NVD)
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Vulnerability Description:

Issuing CNA: Linux

CVE Title: drm/amd/display: Avoid a NULL pointer dereference

CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: (none listed)

Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0, 07-Sep-25, Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39693
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39693: None

CVE-2025-39705 - drm/amd/display: fix a Null pointer dereference vulnerability

CVE ID: CVE-2025-39705
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: drm/amd/display: fix a Null pointer dereference vulnerability
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39705
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39705: None

CVE-2025-39677 - net/sched: Fix backlog accounting in qdisc_dequeue_internal

CVE ID: CVE-2025-39677
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: net/sched: Fix backlog accounting in qdisc_dequeue_internal
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 7.0 / Temporal Score: 6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39677
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 7.0 / Temporal 6.4 / Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39677: None
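Every entry in this report carries a CVSS 3.1 vector next to a base and temporal score, and CVE-2025-39677 above is the one entry where the two differ (7.0 base, 6.4 temporal, because the vector carries E:U). The C program below is an added example, not code from this report or from Microsoft: it implements the CVSS v3.1 base and temporal formulas from the specification (impact sub-score, exploitability, the Roundup function, and the temporal multipliers) and scores the vectors that appear in this report. It is the check a practitioner runs when a vendor's number and vector do not obviously agree. No metric weights are assumed beyond those in the specification; the vector list in main() is copied from this page.

```c
#include <stdio.h>
#include <string.h>

/* CVSS v3.1 base and temporal scoring from the specification formulas.
 * Written without libm: Roundup and the one fixed power are done by hand. */

struct cvss {
    char av, ac, pr, ui, s, c, i, a;   /* base metrics, all required */
    char e, rl, rc;                    /* temporal metrics, 'X' when absent */
};

/* Parse "CVSS:3.1/AV:L/AC:H/.../E:U". Returns 1 on success, 0 when the
 * prefix, a metric name or a required base metric is missing or malformed. */
int cvss_parse(const char *vec, struct cvss *m)
{
    const char *p;

    memset(m, 'X', sizeof *m);
    if (strncmp(vec, "CVSS:3.1/", 9) != 0)
        return 0;
    for (p = vec + 9; *p != '\0'; ) {
        const char *colon = strchr(p, ':');
        size_t klen;
        char v;

        if (colon == NULL || colon[1] == '\0')
            return 0;
        klen = (size_t)(colon - p);
        v = colon[1];
        if      (klen == 2 && !strncmp(p, "AV", 2)) m->av = v;
        else if (klen == 2 && !strncmp(p, "AC", 2)) m->ac = v;
        else if (klen == 2 && !strncmp(p, "PR", 2)) m->pr = v;
        else if (klen == 2 && !strncmp(p, "UI", 2)) m->ui = v;
        else if (klen == 2 && !strncmp(p, "RL", 2)) m->rl = v;
        else if (klen == 2 && !strncmp(p, "RC", 2)) m->rc = v;
        else if (klen == 1 && *p == 'S') m->s = v;
        else if (klen == 1 && *p == 'C') m->c = v;
        else if (klen == 1 && *p == 'I') m->i = v;
        else if (klen == 1 && *p == 'A') m->a = v;
        else if (klen == 1 && *p == 'E') m->e = v;
        else return 0;
        p = colon + 2;                 /* step past "K:V" */
        if (*p == '/') p++;
        else if (*p != '\0') return 0; /* a value is exactly one character */
    }
    return m->av != 'X' && m->ac != 'X' && m->pr != 'X' && m->ui != 'X' &&
           m->s != 'X' && m->c != 'X' && m->i != 'X' && m->a != 'X';
}

/* Roundup as defined in CVSS v3.1 appendix A: a fixed-point step that hides
 * floating-point noise, then round up to one decimal place. */
static double cvss_roundup(double x)
{
    long n = (long)(x * 100000.0 + 0.5);
    if (n % 10000 == 0)
        return n / 100000.0;
    return (double)(n / 10000 + 1) / 10.0;
}

static double w_cia(char v) { return v == 'H' ? 0.56 : v == 'L' ? 0.22 : 0.0; }
static double w_av(char v)  { return v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : 0.20; }
static double w_pr(char v, int changed)
{
    if (v == 'N') return 0.85;
    if (v == 'L') return changed ? 0.68 : 0.62;
    return changed ? 0.50 : 0.27;
}
static double w_e(char v)  { return v == 'U' ? 0.91 : v == 'P' ? 0.94 : v == 'F' ? 0.97 : 1.0; }
static double w_rl(char v) { return v == 'O' ? 0.95 : v == 'T' ? 0.96 : v == 'W' ? 0.97 : 1.0; }
static double w_rc(char v) { return v == 'U' ? 0.92 : v == 'R' ? 0.96 : 1.0; }

double cvss_base(const struct cvss *m)
{
    int changed = (m->s == 'C');
    double iss = 1.0 - (1.0 - w_cia(m->c)) * (1.0 - w_cia(m->i)) * (1.0 - w_cia(m->a));
    double impact, expl, sum;

    if (changed) {                       /* scope changed: 7.52(ISS-0.029) - 3.25(ISS-0.02)^15 */
        double t = iss - 0.02, t15 = 1.0;
        int k;
        for (k = 0; k < 15; k++) t15 *= t;
        impact = 7.52 * (iss - 0.029) - 3.25 * t15;
    } else {
        impact = 6.42 * iss;
    }
    expl = 8.22 * w_av(m->av) * (m->ac == 'L' ? 0.77 : 0.44)
               * w_pr(m->pr, changed) * (m->ui == 'N' ? 0.85 : 0.62);
    if (impact <= 0.0)
        return 0.0;
    sum = changed ? 1.08 * (impact + expl) : impact + expl;
    return cvss_roundup(sum > 10.0 ? 10.0 : sum);
}

double cvss_temporal(const struct cvss *m)
{
    return cvss_roundup(cvss_base(m) * w_e(m->e) * w_rl(m->rl) * w_rc(m->rc));
}

/* String front-ends; -1.0 means the vector failed to parse. */
double cvss_base_of(const char *vec)
{
    struct cvss m;
    return cvss_parse(vec, &m) ? cvss_base(&m) : -1.0;
}

double cvss_temporal_of(const char *vec)
{
    struct cvss m;
    return cvss_parse(vec, &m) ? cvss_temporal(&m) : -1.0;
}

int cvss_score_eq(double a, double b) { return a - b < 1e-9 && b - a < 1e-9; }

int main(void)
{
    /* Vectors as they appear in this report's affected-software tables. */
    static const char *const vectors[] = {
        "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",      /* 5.5 / 5.5 */
        "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",      /* 7.0 / 7.0 */
        "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U",  /* 7.0 / 6.4 */
        "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",      /* 6.5 / 6.5 */
        "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",      /* 7.1 / 7.1 */
        "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",      /* 9.8 / 9.8 */
    };
    size_t n;

    for (n = 0; n < sizeof vectors / sizeof vectors[0]; n++)
        printf("%-52s base %.1f  temporal %.1f\n", vectors[n],
               cvss_base_of(vectors[n]), cvss_temporal_of(vectors[n]));
    return 0;
}
```

The Roundup step matters: the spec's definition deliberately rounds through an integer so that 6.37 (7.0 x 0.91) lands on 6.4 on every platform, and a naive ceil() on the raw double can disagree with a vendor's published score by 0.1.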

CVE-2025-39706 - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

CVE ID: CVE-2025-39706
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39706
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39706: None

CVE-2025-39707 - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities

CVE ID: CVE-2025-39707
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39707
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39707: None

CVE-2025-38734 - net/smc: fix UAF on smcsk after smc_listen_out()

CVE ID: CVE-2025-38734
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: net/smc: fix UAF on smcsk after smc_listen_out()
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38734
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38734: None

CVE-2025-39701 - ACPI: pfr_update: Fix the driver update version check

CVE ID: CVE-2025-39701
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: ACPI: pfr_update: Fix the driver update version check
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS: None

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39701
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base N/A / Temporal N/A / Vector N/A
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39701: None

CVE-2025-39682 - tls: fix handling of zero-length records on the rx_list

CVE ID: CVE-2025-39682
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: tls: fix handling of zero-length records on the rx_list
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 6.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39682
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 6.5 / Temporal 6.5 / Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39682: None

CVE-2025-39715 - parisc: Revise gateway LWS calls to probe user read access

CVE ID: CVE-2025-39715
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: parisc: Revise gateway LWS calls to probe user read access
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39715
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39715: None

CVE-2025-39673 - ppp: fix race conditions in ppp_fill_forward_path

CVE ID: CVE-2025-39673
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: ppp: fix race conditions in ppp_fill_forward_path
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 7.0 / Temporal Score: 7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39673
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 7.0 / Temporal 7.0 / Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39673: None

CVE-2025-39675 - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()

CVE ID: CVE-2025-39675
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39675
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39675: None

CVE-2025-39716 - parisc: Revise __get_user() to probe user read access

CVE ID: CVE-2025-39716
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: parisc: Revise __get_user() to probe user read access
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39716
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39716: None

CVE-2025-38732 - netfilter: nf_reject: don't leak dst refcount for loopback packets

CVE ID: CVE-2025-38732
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: netfilter: nf_reject: don't leak dst refcount for loopback packets
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 7.0 / Temporal Score: 7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38732
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 7.0 / Temporal 7.0 / Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38732: None

CVE-2025-39691 - fs/buffer: fix use-after-free when call bh_read() helper

CVE ID: CVE-2025-39691
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: fs/buffer: fix use-after-free when call bh_read() helper
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 7.1 / Temporal Score: 7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39691
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 7.1 / Temporal 7.1 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39691: None

CVE-2025-39719 - iio: imu: bno055: fix OOB access of hw_xlate array

CVE ID: CVE-2025-39719
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: iio: imu: bno055: fix OOB access of hw_xlate array
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39719
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39719: None

CVE-2025-39714 - media: usbtv: Lock resolution while streaming

CVE ID: CVE-2025-39714
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: media: usbtv: Lock resolution while streaming
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39714
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39714: None

CVE-2025-39713 - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()

CVE ID: CVE-2025-39713
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 7.0 / Temporal Score: 7.0
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39713
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 7.0 / Temporal 7.0 / Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39713: None

CVE-2025-39679 - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().

CVE ID: CVE-2025-39679
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39679
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39679: None

CVE-2025-39676 - scsi: qla4xxx: Prevent a potential error pointer dereference

CVE ID: CVE-2025-39676
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: scsi: qla4xxx: Prevent a potential error pointer dereference
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39676
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39676: None

CVE-2025-39683 - tracing: Limit access to parser->buffer when trace_get_user failed

CVE ID: CVE-2025-39683
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: tracing: Limit access to parser->buffer when trace_get_user failed
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 7.1 / Temporal Score: 7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39683
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 7.1 / Temporal 7.1 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39683: None

CVE-2025-38736 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

CVE ID: CVE-2025-38736
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

Exploitability Assessment: N/A
Publicly Disclosed: No
Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-38736
Product / KB Article: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
Supersedence: (blank)
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed Build: (blank)
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-38736: None

CVE-2025-39681 - x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper

CVE ID: CVE-2025-39681
References: MITRE, NVD
Issuing CNA: Linux
CVE Title: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

CVSS 3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics: none (temporal score equals the base score)

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07-Sep-25    Information published.

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A; Publicly Disclosed: No; Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-39681
Product: azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
CVSS Score Set: Base 5.5 / Temporal 5.5 / Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-39681: None

CVE-2025-57052 - cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

CVE ID: CVE-2025-57052 (references: MITRE, NVD)

Issuing CNA: mitre

CVE Title: cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
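The description above says the affected decoder accepts JSON Pointer array-index strings that contain alphanumeric characters. The following C is an added example, not code from cJSON or from cJSON_Utils.c: a strict RFC 6901 array-index decoder (an index token is "0" or digits with no leading zero, ending at '\0' or at the '/' of the next reference token) placed beside a deliberately loose decoder that is constructed here only to show how a letter can be folded into an index when the digit range is not checked on both ends, plus a lookup that bounds-checks the decoded index before touching the array. The sample array, the token list and the helper names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Strict RFC 6901 array-index decoder. Added example, not cJSON's code.
 * A valid index token is "0" or a run of ASCII digits with no leading zero,
 * ending at '\0' or at the '/' that begins the next reference token.
 * On success stores the index and how many characters were consumed. */
static bool decode_index_strict(const char *token, size_t *index_out,
                                size_t *consumed_out)
{
    size_t value = 0;
    size_t pos = 0;

    if (token == NULL || token[0] < '0' || token[0] > '9') {
        return false;               /* empty token, "-", or non-digit start */
    }
    if (token[0] == '0' && token[1] != '\0' && token[1] != '/') {
        return false;               /* leading zero such as "01" */
    }
    while (token[pos] >= '0' && token[pos] <= '9') {
        size_t digit = (size_t)(token[pos] - '0');
        if (value > (SIZE_MAX - digit) / 10) {
            return false;           /* index would overflow size_t */
        }
        value = value * 10 + digit;
        pos++;
    }
    if (token[pos] != '\0' && token[pos] != '/') {
        return false;               /* trailing non-digit such as "1a" */
    }
    *index_out = value;
    *consumed_out = pos;
    return true;
}

/* Loose decoder, constructed for this example only, to illustrate the bug
 * class the advisory names (alphanumeric index strings accepted): it checks
 * the lower end of the digit range but not the upper end, so a letter, whose
 * ASCII code lies above '9', is folded into the index as if it were a digit.
 * This is an illustration, not the code from cJSON_Utils.c. */
static bool decode_index_loose(const char *token, size_t *index_out)
{
    size_t value = 0;
    size_t pos = 0;

    while (token[pos] >= '0') {     /* missing "&& token[pos] <= '9'" */
        value = value * 10 + (size_t)(token[pos] - '0');
        pos++;
    }
    if (token[pos] != '\0' && token[pos] != '/') {
        return false;
    }
    *index_out = value;
    return true;
}

/* Constructed sample standing in for a parsed JSON array of three items. */
static const int sample_items[3] = { 10, 20, 30 };

/* Strict decode of a token as a long, or -1 when the token is rejected. */
static long strict_index_or_neg(const char *token)
{
    size_t index = 0, consumed = 0;
    return decode_index_strict(token, &index, &consumed) ? (long)index : -1L;
}

/* Loose decode of a token as a long, or -1 when the token is rejected. */
static long loose_index_or_neg(const char *token)
{
    size_t index = 0;
    return decode_index_loose(token, &index) ? (long)index : -1L;
}

/* Resolve one index token against sample_items, applying the bounds check
 * the decoder alone cannot do. Returns the element, or -1 on any failure. */
static int lookup_sample(const char *token)
{
    size_t index = 0, consumed = 0;
    size_t len = sizeof sample_items / sizeof sample_items[0];

    if (!decode_index_strict(token, &index, &consumed)) {
        return -1;
    }
    if (index >= len) {
        return -1;                  /* out of range: never dereference */
    }
    return sample_items[index];
}

int main(void)
{
    /* Constructed tokens: valid, valid with a following token, and malformed. */
    const char *tokens[] = { "1", "2/", "1a", "01", "-", "3", "" };
    size_t i;

    for (i = 0; i < sizeof tokens / sizeof tokens[0]; i++) {
        printf("token \"%s\": strict=%ld loose=%ld lookup=%d\n", tokens[i],
               strict_index_or_neg(tokens[i]), loose_index_or_neg(tokens[i]),
               lookup_sample(tokens[i]));
    }
    return 0;
}
```

The loose decoder turns "1a" into index 59 because 'a' (ASCII 97) passes the `>= '0'` test and contributes 49 as a "digit"; the strict decoder rejects the token outright. Even with a strict decoder, the caller still has to compare the index against the array length before dereferencing, which `lookup_sample` does.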
CVSS 3.1 highest base score: 9.8 / temporal score: 9.8
Base score metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics: none listed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision: 1.0, 07-Sep-25: Information published.


Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A; Publicly Disclosed: No; Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-57052
Product: azl3 ceph 18.2.2-10 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
CVSS Score Set: Base 9.8 / Temporal 9.8 / Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-57052: None

CVE-2025-9566 - Podman: podman kube play command may overwrite host files

CVE ID: CVE-2025-9566 (references: MITRE, NVD)

Issuing CNA: redhat

CVE Title: Podman: podman kube play command may overwrite host files
CVSS 3.1 highest base score: 8.1 / temporal score: 8.1
Base score metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics: none listed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision: 1.0, 07-Sep-25: Information published.


Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A; Publicly Disclosed: No; Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-9566
Product: azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
CVSS Score Set: Base 8.1 / Temporal 8.1 / Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-9566: None

CVE-2025-9901 - Libsoup: improper handling of http vary header in libsoup caching

CVE ID: CVE-2025-9901 (references: MITRE, NVD)

Issuing CNA: redhat

CVE Title: Libsoup: improper handling of http vary header in libsoup caching
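The advisory gives only the title: a cache that mishandles the Vary header can hand one client a response that was generated for another client's request headers, which is why the score lists a confidentiality impact. The following C is an added example and is not libsoup's code: it implements the response-selection rule of RFC 9111 section 4.1 that any Vary-aware cache must enforce, namely that a stored response may be reused only when every field named in its Vary header carries the same value in the new request as it did in the request that produced the stored response, and that "Vary: *" never matches. The header struct, the two sample requests and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct header { const char *name; const char *value; };

/* ASCII case-insensitive comparison for header field names. */
static bool name_equal(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++) {
        int ca = (*a >= 'A' && *a <= 'Z') ? *a + 32 : *a;
        int cb = (*b >= 'A' && *b <= 'Z') ? *b + 32 : *b;
        if (ca != cb) {
            return false;
        }
    }
    return *a == *b;                    /* both strings must end together */
}

/* Return a header's value by field name, or NULL if the request lacks it. */
static const char *header_get(const struct header *h, size_t n, const char *name)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (name_equal(h[i].name, name)) {
            return h[i].value;
        }
    }
    return NULL;
}

/* RFC 9111 section 4.1: a stored response may be reused for a new request only
 * if every field named in its Vary header has the same value (or is absent) in
 * both the original request and the new one. "Vary: *" never matches. A NULL
 * Vary means the response did not vary on the request at all. */
static bool vary_matches(const char *vary,
                         const struct header *stored_req, size_t stored_n,
                         const struct header *new_req, size_t new_n)
{
    char field[64];
    const char *p = vary;

    if (vary == NULL) {
        return true;
    }
    while (*p != '\0') {
        size_t len = 0;
        const char *a, *b;
        while (*p == ',' || *p == ' ' || *p == '\t') {
            p++;                        /* skip separators before a field name */
        }
        while (*p != '\0' && *p != ',') {
            if (*p != ' ' && *p != '\t') {
                if (len + 1 >= sizeof field) {
                    return false;       /* absurdly long field name: refuse */
                }
                field[len++] = *p;
            }
            p++;
        }
        field[len] = '\0';
        if (len == 0) {
            continue;                   /* trailing comma or empty element */
        }
        if (strcmp(field, "*") == 0) {
            return false;               /* Vary: * can never be satisfied */
        }
        a = header_get(stored_req, stored_n, field);
        b = header_get(new_req, new_n, field);
        if (a == NULL || b == NULL) {
            if (a != b) {
                return false;           /* present in one request, absent in the other */
            }
        } else if (strcmp(a, b) != 0) {
            return false;               /* same field, different value */
        }
    }
    return true;
}

/* Constructed sample: the cache holds a response to Alice's request; Bob's
 * request differs only in its Cookie header. */
static const struct header alice_req[] = {
    { "Cookie", "session=alice" }, { "Accept-Encoding", "gzip" },
};
static const struct header bob_req[] = {
    { "Cookie", "session=bob" }, { "Accept-Encoding", "gzip" },
};
#define REQ_N(r) (sizeof(r) / sizeof((r)[0]))

int main(void)
{
    const char *vary = "Cookie, Accept-Encoding";
    printf("Alice again, Vary honoured: %s\n",
           vary_matches(vary, alice_req, REQ_N(alice_req), alice_req, REQ_N(alice_req)) ? "reuse" : "miss");
    printf("Bob, Vary honoured:         %s\n",
           vary_matches(vary, alice_req, REQ_N(alice_req), bob_req, REQ_N(bob_req)) ? "reuse" : "miss");
    /* A cache that drops the Vary header behaves as if it were NULL: Bob is served Alice's response. */
    printf("Bob, Vary ignored:          %s\n",
           vary_matches(NULL, alice_req, REQ_N(alice_req), bob_req, REQ_N(bob_req)) ? "reuse" : "miss");
    return 0;
}
```

The third line of output is the failure mode the advisory's confidentiality impact points at: a cache that does not key on the fields named in Vary serves Bob the response generated for Alice's Cookie. Field names are compared case-insensitively; values are compared byte for byte, which is the conservative choice when no field-specific normalisation is implemented.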
CVSS 3.1 highest base score: 5.9 / temporal score: 5.6
Base score metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics:
Exploit Code Maturity: Proof-of-Concept

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision: 1.0, 07-Sep-25: Information published.


Maximum Severity Rating: Unknown
Vulnerability Impact: Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment: N/A; Publicly Disclosed: No; Exploited: No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-9901
Product: azl3 libsoup 3.4.4-9 on Azure Linux 3.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
CVSS Score Set: Base 5.9 / Temporal 5.6 / Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
Restart Required: No
Known Issue: None

Product: cbl2 libsoup 3.0.4-7 on CBL Mariner 2.0
KB Article: CBL-Mariner Releases (Security Update)
Severity: Unknown
Impact: Unknown
CVSS Score Set: Base 5.9 / Temporal 5.6 / Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
Restart Required: No
Known Issue: None

Acknowledgements

CVE-2025-9901: None