CVE-2025-11460: Chromium: CVE-2025-11460 Use after free in Storage

CVE-2025-11458: Chromium: CVE-2025-11458 Heap buffer overflow in Sync

CVE-2025-59286: Copilot Spoofing Vulnerability

CVE-2025-59247: Azure PlayFab Elevation of Privilege Vulnerability

CVE-2025-59246: Azure Entra ID Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?**

An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

Headline

CVE-2025-53720: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News