#Security Vulnerability

CVE-2025-49756: Office Developer Platform Security Feature Bypass Vulnerability

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #auth #Office Developer Platform #Security Vulnerability

CVE-2025-49723: Windows StateRepository API Server file Tampering Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #Windows StateRepository API #Security Vulnerability

CVE-2025-49721: Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #Windows Fast FAT Driver #Security Vulnerability

CVE-2025-49735: Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #rce #auth #Windows KDC Proxy Service (KPSSVC)#Security Vulnerability

CVE-2025-49731: Microsoft Teams Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Microsoft Teams #Security Vulnerability

CVE-2025-49753: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #rce #auth #Windows Routing and Remote Access Service (RRAS)#Security Vulnerability

CVE-2025-47178: Microsoft Configuration Manager Remote Code Execution Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.

5 months ago

Microsoft Security Response Center

Open in Source

#sql #vulnerability #microsoft #rce #auth #Microsoft Configuration Manager #Security Vulnerability

CVE-2025-47975: Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

5 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows SSDP Service #Security Vulnerability

CVE-2025-49726: Windows Notification Elevation of Privilege Vulnerability

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.