Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2025-60720: Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
#vulnerability#windows#auth#Windows TDX.sys#Security Vulnerability
CVE-2025-62204: Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-62208: Windows License Manager Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

CVE-2025-62452: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.