#microsoft

Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.   In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out

August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup – this time, it’s extremely short. 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) Only two trending vulnerabilities: 🔻 Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770). The vulnerability is being widely exploited; attackers […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AVEVA products are affected: PI Integrator for Business Analytics: Versions 2020 R2 SP1 and prior. 3.2 VULNERABILITY OVERVIEW 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed. CVE-2025-54460 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 has been calculated; the CVSS vector stri...

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?** The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.