Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-12443: Chromium: CVE-2025-12433 Inappropriate implementation in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 142.0.3595.53 10/31/2025 142.0.7445.59/.60

Microsoft Security Response Center
Open in Source
#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2025-59501: Microsoft Configuration Manager Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** For the vulnerability, this means the exploitation requires a specific and uncommon condition: an Active Directory user account must exist with a matching user principal name (UPN) that was not properly synchronized to Microsoft Entra ID.

CVE-2025-59273: Azure Event Grid System Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-59500: Azure Notification Service Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-59503: Azure Compute Resource Provider Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-11756: Chromium: CVE-2025-11756 Use after free in Safe Browsing

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 141.0.3537.85 10/17/2025 141.0.7390.107/.108

CVE-2025-53717: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVE-2025-55326: Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.