Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54913
Access of resource using incompatible type (‘type confusion’) in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54915
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54905
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54906
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54907
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54908
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54900
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54901
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54902
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54903
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54904
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54895
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54896