CVE-2025-53782
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53782
Tagged: Cybersecurity Alert
CVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users. More information : https://claroty.com
CVE-2025-55240
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55240
CVE-2025-55247
Improper link resolution before file access (‘link following’) in .NET allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55247
CVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248
CVE-2025-55315
Inconsistent interpretation of http requests (‘http request/response smuggling’) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
CVE-2025-50175
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50175
CVE-2025-53139
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53139
CVE-2025-53150
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53150
CVE-2025-53717
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53717
CVE-2025-53768
Use after free in Xbox allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53768
CVE-2025-50174
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50174
CVE-2025-47979
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47979
CVE-2025-47989
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47989