Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.”

TALOS
Open in Source
#vulnerability#web#windows#microsoft#cisco#intel#rce#buffer_overflow#auth
Patch now: Samsung zero-day lets attackers take over your phone

A critical vulnerability that affects Samsung mobile devices was exploited in the wild to distribute LANDFALL spyware.

CVE-2025-62222: Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?** A remote (AV:N) attacker could create a specially crafted GitHub issue within a user's repository. To exploit this, the user must enable a particular mode on the attacker’s crafted issue, which would execute the issue’s description and enable remote code execution by the attacker.

CVE-2025-62203: Microsoft Excel Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

CVE-2025-62204: Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

CVE-2025-62201: Microsoft Excel Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.