Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-53761: Microsoft PowerPoint Remote Code Execution Vulnerability

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#rce#auth#Microsoft Office PowerPoint#Security Vulnerability
CVE-2025-53760: Microsoft SharePoint Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVE-2025-25005: Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

CVE-2025-33051: Microsoft Exchange Server Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

CVE-2025-53773: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of this vulnerability requires that a user trigger the payload in the application.

CVE-2025-53772: Web Deploy Remote Code Execution Vulnerability

Deserialization of untrusted data in Visual Studio allows an authorized attacker to execute code locally.

CVE-2025-49745: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.