Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-8580: Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.86 8/07/2025 139.0.7258.66/67

Microsoft Security Response Center
Open in Source
#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2025-8579: Chromium: CVE-2025-8579 Inappropriate implementation in Gemini Live in Chrome

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.86 8/07/2025 139.0.7258.66/67

CVE-2025-8578: Chromium: CVE-2025-8578 Use after free in Cast

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.86 8/07/2025 139.0.7258.66/67

CVE-2025-8577: Chromium: CVE-2025-8577 Inappropriate implementation in Picture In Picture

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.86 8/07/2025 139.0.7258.66/67

CVE-2025-8576: Chromium: CVE-2025-8576 Use after free in Extensions

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.86 8/07/2025 139.0.7258.66/67

How Google, Adidas, and more were breached in a Salesforce scam

Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an

CVE-2025-53767: Azure OpenAI Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-53787: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-53774: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.