Report Name: Microsoft Patch Tuesday, April 2025
Generated: 2025-05-12 13:37:11
| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| Windows Kernel | 0.9 | 2 | 2 | Windows Kernel | ||||
| Windows TCP/IP | 0.9 | 1 | 1 | Windows component | ||||
| Windows Win32k | 0.9 | 2 | 2 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | ||||
| BitLocker | 0.8 | 1 | 1 | A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista | ||||
| Chromium | 0.8 | 1 | 1 | 5 | 9 | 16 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| DirectX Graphics Kernel | 0.8 | 1 | 1 | DirectX Graphics Kernel | ||||
| Microsoft DWM Core Library | 0.8 | 4 | 4 | Windows component | ||||
| Microsoft Edge | 0.8 | 3 | 3 | Web browser | ||||
| Microsoft Office | 0.8 | 7 | 7 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | ||||
| Microsoft OpenSSH for Windows | 0.8 | 1 | 1 | Windows component | ||||
| Microsoft Streaming Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows Admin Center in Azure Portal | 0.8 | 1 | 1 | Windows component | ||||
| Windows Bluetooth Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows Common Log File System Driver | 0.8 | 1 | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | ||||
| Windows Cryptographic Services | 0.8 | 1 | 1 | Windows component | ||||
| Windows DWM Core Library | 0.8 | 1 | 1 | Windows component | ||||
| Windows Defender Application Control | 0.8 | 1 | 1 | Windows component | ||||
| Windows Digital Media | 0.8 | 3 | 1 | 4 | Windows component | |||
| Windows Graphics Component | 0.8 | 1 | 1 | Windows component | ||||
| Windows Hello | 0.8 | 1 | 1 | 2 | Windows component | |||
| Windows Installer | 0.8 | 1 | 1 | Windows component | ||||
| Windows Kerberos | 0.8 | 2 | 2 | Windows component | ||||
| Windows Kernel-Mode Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Lightweight Directory Access Protocol (LDAP) | 0.8 | 3 | 3 | Windows component | ||||
| Windows Local Security Authority (LSA) | 0.8 | 2 | 2 | Windows component | ||||
| Windows Local Session Manager (LSM) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Mark of the Web | 0.8 | 1 | 1 | Windows component | ||||
| Windows Media | 0.8 | 2 | 2 | Windows component | ||||
| Windows Mobile Broadband Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows NTFS | 0.8 | 4 | 1 | 5 | The default file system of the Windows NT family | |||
| Windows Power Dependency Coordinator | 0.8 | 1 | 1 | Windows component | ||||
| Windows Process Activation | 0.8 | 1 | 1 | Windows component | ||||
| Windows Remote Desktop Client | 0.8 | 1 | 1 | Remote Desktop Protocol Client | ||||
| Windows Remote Desktop Services | 0.8 | 3 | 3 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | ||||
| Windows Resilient File System (ReFS) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Routing and Remote Access Service (RRAS) | 0.8 | 3 | 5 | 8 | Windows component | |||
| Windows Secure Channel | 0.8 | 2 | 2 | Windows component | ||||
| Windows Security Zone Mapping | 0.8 | 1 | 1 | Windows component | ||||
| Windows Shell | 0.8 | 1 | 1 | Windows component | ||||
| Windows Standards-Based Storage Management Service | 0.8 | 6 | 6 | Windows component | ||||
| Windows Subsystem for Linux | 0.8 | 1 | 1 | Windows component | ||||
| Windows Telephony Service | 0.8 | 5 | 5 | Windows component | ||||
| Windows USB Print Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Universal Plug and Play (UPnP) Device Host | 0.8 | 1 | 1 | Windows component | ||||
| Windows Update Stack | 0.8 | 1 | 1 | Windows component | ||||
| Windows Virtualization-Based Security (VBS) | 0.8 | 1 | 1 | Windows component | ||||
| Windows upnphost.dll | 0.8 | 1 | 1 | Windows component | ||||
| Kubernetes | 0.7 | 4 | 1 | 5 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |||
| Microsoft SharePoint | 0.7 | 2 | 2 | Microsoft SharePoint | ||||
| RPC Endpoint Mapper Service | 0.7 | 1 | 1 | RPC Endpoint Mapper Service | ||||
| Microsoft Excel | 0.6 | 2 | 3 | 5 | MS Office product | |||
| Microsoft Word | 0.6 | 3 | 3 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | ||||
| Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| ASP.NET Core and Visual Studio | 0.5 | 1 | 1 | ASP.NET Core and Visual Studio | ||||
| Active Directory Certificate Services | 0.5 | 1 | 1 | Active Directory Certificate Services | ||||
| Active Directory Domain Services | 0.5 | 1 | 1 | Active Directory Domain Services | ||||
| Azure Health Bot | 0.5 | 1 | 1 | Azure Health Bot | ||||
| Azure Local | 0.5 | 1 | 1 | Azure Local | ||||
| Azure Local Cluster | 0.5 | 2 | 2 | Azure Local Cluster | ||||
| Azure Playwright | 0.5 | 1 | 1 | Azure Playwright | ||||
| HTTP.sys | 0.5 | 1 | 1 | HTTP.sys | ||||
| Kerberos Key Distribution Proxy Service | 0.5 | 1 | 1 | Kerberos Key Distribution Proxy Service | ||||
| Lightweight Directory Access Protocol (LDAP) Client | 0.5 | 1 | 1 | Lightweight Directory Access Protocol (LDAP) Client | ||||
| Microsoft AutoUpdate (MAU) | 0.5 | 2 | 2 | Microsoft AutoUpdate (MAU) | ||||
| Microsoft Edge (Chromium-based) Update | 0.5 | 1 | 1 | Microsoft Edge (Chromium-based) Update | ||||
| Microsoft Edge for iOS | 0.5 | 2 | 2 | Microsoft Edge for iOS | ||||
| Microsoft Message Queuing (MSMQ) | 0.5 | 1 | 1 | Microsoft Message Queuing (MSMQ) | ||||
| Microsoft OneNote | 0.5 | 1 | 1 | Microsoft OneNote | ||||
| Microsoft Partner Center | 0.5 | 1 | 1 | Microsoft Partner Center is a powerful, all-in-one platform that Microsoft provides for managing your partnership with them. | ||||
| Microsoft System Center | 0.5 | 1 | 1 | Microsoft System Center is a suite of software products designed to simplify the deployment, configuration and management of IT infrastructure and virtualized software-defined data centers (SDDCs). | ||||
| Microsoft Virtual Hard Disk | 0.5 | 1 | 1 | The Virtual Hard Disk (VHD) format is a publicly-available image format specification that allows encapsulation of the hard disk into an individual file. | ||||
| Outlook for Android | 0.5 | 1 | 1 | Outlook for Android | ||||
| Visual Studio Tools for Applications and SQL Server Management Studio | 0.5 | 1 | 1 | Visual Studio Tools for Applications and SQL Server Management Studio | ||||
| Microsoft Dynamics Business Central | 0.3 | 1 | 1 | Microsoft Dynamics Business Central | ||||
| Visual Studio | 0.3 | 2 | 2 | Integrated development environment | ||||
| Visual Studio Code | 0.3 | 1 | 1 | Integrated development environment | ||||
| Microsoft Dataverse | 0.2 | 1 | 1 | 2 | Microsoft Dataverse |
| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 5 | 29 | 6 | 40 | ||
| Security Feature Bypass | 0.9 | 1 | 10 | 4 | 15 | ||
| Elevation of Privilege | 0.85 | 1 | 1 | 30 | 23 | 55 | |
| Information Disclosure | 0.83 | 4 | 13 | 17 | |||
| Denial of Service | 0.7 | 9 | 5 | 14 | |||
| Memory Corruption | 0.5 | 1 | 5 | 6 | |||
| Spoofing | 0.4 | 6 | 6 |
| Source | U | C | H | M | L | A |
|---|---|---|---|---|---|---|
| MS PT Extended | 1 | 5 | 11 | 15 | 32 | |
| Qualys | 1 | 16 | 2 | 19 | ||
| Tenable | 1 | 10 | 1 | 12 | ||
| Rapid7 | 1 | 4 | 1 | 6 | ||
| ZDI | 1 | 4 | 1 | 6 |
1. 
Security Feature Bypass - Chromium (CVE-2025-2783) - Urgent [913]
Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ALCHEMIST3DOT14:CVE-2025-2783 website | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.8 | 10 | CVSS Base Score is 8.3. According to NVD data source | |
| 0.9 | 10 | EPSS Probability is 0.02941, EPSS Percentile is 0.85695 |
MS PT Extended: CVE-2025-2783 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
2. 
Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-29824) - Urgent [904]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), Microsoft, NVD:CISAKEV websites | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:PublicExploit:www.vicarius.io website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.9 | 10 | EPSS Probability is 0.05131, EPSS Percentile is 0.89281 |
Qualys: CVE-2025-29824: Windows Common Log File System Driver Elevation of Privilege Vulnerability The Common Log File System (CLFS) is a general-purpose logging service used by software clients running in user or kernel mode. CLFS can be used for data management, database systems, messaging, Online Transactional Processing (OLTP), and other transactional systems. The use after free flaw in the Windows Common Log File System Driver could allow an authenticated attacker to elevate privileges locally. Upon successful exploitation, an attacker may gain SYSTEM privileges. CISA added the CVE-2025-29824 to its Known Exploited Vulnerabilities Catalog, acknowledging its active exploitation. CISA urges users to patch the vulnerability before April 29, 2025.
Tenable: Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)
Tenable: CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
Tenable: CVE-2025-29824 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was exploited in the wild as a zero-day. Microsoft identified this vulnerability in ransomware deployed by the PipeMagic malware via the group tracked as Storm-2460.
Rapid7: The Windows Common Log File System (CLFS) Driver is firmly back on our radar today with CVE-2025-29824, a zero-day local elevation of privilege vulnerability. First, the good news: the Acknowledgements section credits the Microsoft Threat Intelligence Center, so the exploit was successfully reproduced by Microsoft; the less-good news is that someone other than Microsoft was first to discover the exploit, because otherwise Microsoft wouldn’t be listing CVE-2025-29824 as exploited in the wild. The advisory does not specify what privilege level is achieved upon successful exploitation, but it’ll be SYSTEM, because that’s the prize for all the other CLFS elevation of privilege zero-day vulnerabilities. As usual, some form of less-privileged local access is a pre-requisite, but attack complexity is low, so this is the sort of vulnerability which goes into any standard break-and-enter toolkit. Given the long history of similar vulnerabilities, it would be more surprising if exploit code wasn’t publicly available in the not-too-distant future. Although December 2024 Patch Tuesday seems as though it must have been a very long time ago, any standard calendar will tell us that only 119 days have elapsed since the last zero-day CLFS local elevation of privilege. Rapid7 discussed the history of CLFS zero-day elevation of privilege vulnerabilities at the time. All versions of Windows receive a patch, except for the venerable LTSC Windows 10 1507, which is listed on the advisory as vulnerable, but left out in the cold with no update; the FAQ says to check back later. Windows 10 LTSC 1507 is scheduled for end of servicing on 2025-10-14, so the clock is ticking regardless.
ZDI: CVE-2025-29824 - Windows Common Log File System Driver Elevation of Privilege Vulnerability. This privilege escalation bug is listed as under active attack and allows a threat actor to execute their code with SYSTEM privileges. These types of bugs are often paired with code execution bugs to take over a system. Microsoft gives no indication of how widespread these attacks are. Regardless, test and deploy this update quickly.
3. 
Remote Code Execution - Kubernetes (CVE-2025-1974) - Critical [735]
Description: A security issue was discovered in
MS PT Extended: CVE-2025-1974 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
4. Remote Code Execution - Kubernetes (CVE-2025-1098) - Critical [723]
Description: {'ms_cve_data_all': 'Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller', 'nvd_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ESONHUGH:NGINXNIGHTMARE, Vulners:PublicExploit:GitHub:HAKAIOFFSEC:INGRESSNIGHTMARE-POC, Vulners:PublicExploit:GitHub:SALT318:CVE-2025-1974, Vulners:PublicExploit:GitHub:ZWXXB:CVE-2025-1974, Vulners:PublicExploit:GitHub:ESONHUGH:INGRESSNIGHTMARE-CVE-2025-1974-EXPS, Vulners:PublicExploit:GitHub:SANDUMJACOB:INGRESSNIGHTMARE-POCS, Vulners:PublicExploit:GitHub:CHHHD:CVE-2025-1974, Vulners:PublicExploit:GitHub:GHOSTTROOPS:TOP, Vulners:PublicExploit:PACKETSTORM:190070 websites | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 1.0 | 10 | EPSS Probability is 0.26921, EPSS Percentile is 0.96051 |
MS PT Extended: CVE-2025-1098 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
5. Remote Code Execution - Kubernetes (CVE-2025-24514) - Critical [723]
Description: {'ms_cve_data_all': 'Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller', 'nvd_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:M-Q-T:INGRESSNIGHTMARE-DETECTION-POC, Vulners:PublicExploit:GitHub:SALT318:CVE-2025-1974, Vulners:PublicExploit:GitHub:ESONHUGH:NGINXNIGHTMARE, Vulners:PublicExploit:GitHub:HAKAIOFFSEC:INGRESSNIGHTMARE-POC, Vulners:PublicExploit:GitHub:ZWXXB:CVE-2025-1974, Vulners:PublicExploit:GitHub:ESONHUGH:INGRESSNIGHTMARE-CVE-2025-1974-EXPS, Vulners:PublicExploit:GitHub:SANDUMJACOB:INGRESSNIGHTMARE-POCS, Vulners:PublicExploit:GitHub:CHHHD:CVE-2025-1974, Vulners:PublicExploit:GitHub:GHOSTTROOPS:TOP, Vulners:PublicExploit:PACKETSTORM:190070 websites | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 1.0 | 10 | EPSS Probability is 0.29063, EPSS Percentile is 0.9628 |
MS PT Extended: CVE-2025-24514 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
6. Remote Code Execution - Kubernetes (CVE-2025-1097) - Critical [711]
Description: {'ms_cve_data_all': 'Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller', 'nvd_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ESONHUGH:NGINXNIGHTMARE, Vulners:PublicExploit:GitHub:HAKAIOFFSEC:INGRESSNIGHTMARE-POC, Vulners:PublicExploit:GitHub:SALT318:CVE-2025-1974, Vulners:PublicExploit:GitHub:ZWXXB:CVE-2025-1974, Vulners:PublicExploit:GitHub:ESONHUGH:INGRESSNIGHTMARE-CVE-2025-1974-EXPS, Vulners:PublicExploit:GitHub:SANDUMJACOB:INGRESSNIGHTMARE-POCS, Vulners:PublicExploit:GitHub:CHHHD:CVE-2025-1974, Vulners:PublicExploit:GitHub:GHOSTTROOPS:TOP, Vulners:PublicExploit:PACKETSTORM:190070 websites | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.9 | 10 | EPSS Probability is 0.05497, EPSS Percentile is 0.89673 |
MS PT Extended: CVE-2025-1097 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
7. Remote Code Execution - Chromium (CVE-2025-24201) - Critical [657]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to NVD data source | |
| 0.4 | 10 | EPSS Probability is 0.00158, EPSS Percentile is 0.37728 |
MS PT Extended: CVE-2025-24201 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
8. Elevation of Privilege - Windows Process Activation (CVE-2025-21204) - Critical [606]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:MMOTTI:RESET-INETPUB, CYBERDOM: Abusing the Windows Update Stack to Gain SYSTEM Access (CVE-2025-21204) websites | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00064, EPSS Percentile is 0.20243 |
9. Security Feature Bypass - Kubernetes (CVE-2025-24513) - High [551]
Description: {'ms_cve_data_all': 'Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller', 'nvd_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:PACKETSTORM:190070, Vulners:PublicExploit:GitHub:SANDUMJACOB:INGRESSNIGHTMARE-POCS websites | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.7 | 14 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |
| 0.5 | 10 | CVSS Base Score is 4.8. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.00028, EPSS Percentile is 0.06419 |
MS PT Extended: CVE-2025-24513 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
10. Remote Code Execution - Microsoft Edge (CVE-2025-29806) - High [523]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Web browser | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00169, EPSS Percentile is 0.39082 |
MS PT Extended: CVE-2025-29806 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
11. Remote Code Execution - Microsoft Office (CVE-2025-27745) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00644, EPSS Percentile is 0.69451 |
Qualys: CVE-2025-27745, CVE-2025-27748, and CVE-2025-27749: Microsoft Office Remote Code Execution Vulnerability The use after free flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
12. Remote Code Execution - Microsoft Office (CVE-2025-27748) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00644, EPSS Percentile is 0.69451 |
Qualys: CVE-2025-27745, CVE-2025-27748, and CVE-2025-27749: Microsoft Office Remote Code Execution Vulnerability The use after free flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
13. Remote Code Execution - Microsoft Office (CVE-2025-27749) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00644, EPSS Percentile is 0.69451 |
Qualys: CVE-2025-27745, CVE-2025-27748, and CVE-2025-27749: Microsoft Office Remote Code Execution Vulnerability The use after free flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
14. Elevation of Privilege - Windows Win32k (CVE-2025-26681) - High [489]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19719 |
15. Remote Code Execution - Windows Remote Desktop Client (CVE-2025-27487) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Remote Desktop Protocol Client | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0.6 | 10 | EPSS Probability is 0.00384, EPSS Percentile is 0.58678 |
Tenable: Microsoft also patched an RCE vulnerability in Remote Desktop Client (CVE-2025-27487).
16. Remote Code Execution - Microsoft SharePoint (CVE-2025-29793) - High [473]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.015, EPSS Percentile is 0.80122 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
Tenable: CVE-2025-29793 and CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability
Tenable: CVE-2025-29793 and CVE-2025-29794 are RCE vulnerabilities affecting Microsoft SharePoint Server. The most severe of these vulnerabilities was assigned a CVSSv3 score of 8.8 and both were rated as important. Successful exploitation would grant an attacker the ability to execute arbitrary code. According to Microsoft, an attacker would need to be authenticated in order to exploit this vulnerability.
17. Remote Code Execution - Windows TCP/IP (CVE-2025-26686) - High [471]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00145, EPSS Percentile is 0.36006 |
Qualys: CVE-2025-26686: Windows TCP/IP Remote Code Execution Vulnerability TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the Internet. TCP/IP is also used as a communications protocol in a private computer network — an intranet or extranet. An attacker must win a race condition to exploit the vulnerability. Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
18. Remote Code Execution - Microsoft Excel (CVE-2025-29791) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.01241, EPSS Percentile is 0.78166 |
Qualys: CVE-2025-29791: Microsoft Excel Remote Code Execution Vulnerability The type confusion in Microsoft Office Excel could allow an unauthenticated attacker to achieve remote code execution.
19. Remote Code Execution - Microsoft Edge (CVE-2025-25000) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Web browser | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00159, EPSS Percentile is 0.37829 |
MS PT Extended: CVE-2025-25000 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
20. Remote Code Execution - Windows Remote Desktop Services (CVE-2025-26671) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.5 | 10 | EPSS Probability is 0.00239, EPSS Percentile is 0.47098 |
Tenable: CVE-2025-26671, CVE-2025-27482 and CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-26671, CVE-2025-27480 and CVE-2025-27482 are RCE vulnerabilities in Windows Remote Desktop Gateway Service. Each was assigned a CVSSv3 score of 8.1 and two were rated as critical, with CVE-2025-26671 having a rating of Important. To exploit these flaws, an attacker must be able to win a race condition. Despite this requirement, Microsoft assessed CVE-2025-27482 and CVE-2025-27480 as “Exploitation More Likely” according to Microsoft’s Exploitability Index.
21. Elevation of Privilege - Microsoft Partner Center (CVE-2025-29814) - High [458]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Partner Center is a powerful, all-in-one platform that Microsoft provides for managing your partnership with them. | |
| 0.9 | 10 | CVSS Base Score is 9.3. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00134, EPSS Percentile is 0.34493 |
MS PT Extended: CVE-2025-29814 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
22. Remote Code Execution - Microsoft Excel (CVE-2025-27752) - High [457]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00644, EPSS Percentile is 0.69451 |
Qualys: CVE-2025-27752: Microsoft Excel Remote Code Execution Vulnerability The heap-based buffer overflow flaw in Microsoft Office Excel could allow an unauthenticated attacker to achieve remote code execution.
23. Remote Code Execution - Microsoft SharePoint (CVE-2025-29794) - High [449]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00168, EPSS Percentile is 0.38877 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
Tenable: CVE-2025-29793 and CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability
Tenable: CVE-2025-29793 and CVE-2025-29794 are RCE vulnerabilities affecting Microsoft SharePoint Server. The most severe of these vulnerabilities was assigned a CVSSv3 score of 8.8 and both were rated as important. Successful exploitation would grant an attacker the ability to execute arbitrary code. According to Microsoft, an attacker would need to be authenticated in order to exploit this vulnerability.
24. 
Denial of Service - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2025-26673) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
Tenable: Microsoft also patched CVE-2025-26673 and CVE-2025-27469, two denial of service (DoS) vulnerabilities in LDAP. These were assessed as Important and “Exploitation Less Likely.”
25. Denial of Service - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2025-27469) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
Tenable: Microsoft also patched CVE-2025-26673 and CVE-2025-27469, two denial of service (DoS) vulnerabilities in LDAP. These were assessed as Important and “Exploitation Less Likely.”
26. Denial of Service - Windows Local Session Manager (LSM) (CVE-2025-26651) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.9 | 10 | EPSS Probability is 0.02839, EPSS Percentile is 0.85443 |
27. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2025-21174) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.01754, EPSS Percentile is 0.81544 |
28. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2025-26652) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
29. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2025-26680) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
30. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2025-27470) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
31. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2025-27485) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.01754, EPSS Percentile is 0.81544 |
32. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2025-27486) - High [448]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.01754, EPSS Percentile is 0.81544 |
33. Remote Code Execution - Windows Hyper-V (CVE-2025-27491) - High [445]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00925, EPSS Percentile is 0.74786 |
Qualys: CVE-2025-27491: Windows Hyper-V Remote Code Execution Vulnerability Hyper-V is Microsoft’s hardware virtualization product that allows users to create and run virtual machines (VMs) on Windows Server and Windows 10/11. The product enables better hardware utilization and resource management. An attacker must win a race condition to exploit the vulnerability. The use after free flaw in Windows Hyper-V could allow an authenticated attacker to achieve remote code execution.
Rapid7: Some Microsoft security advisory FAQs provide a satisfying level of detail, whereas others raise more questions than they answer. CVE-2025-27491 is a Hyper-V critical RCE which falls into the second category, since it states that an attacker must be authenticated — no need for elevated privileges — but also that the attacker must send the user a malicious site and convince them to open it, and it’s not at all clear why authentication would be required in that case. Also unusual: the remediation table on the advisory lists several 32-bit versions of Windows as receiving patches, although Hyper-V requires a 64-bit processor and a 64-bit host OS.
34. Remote Code Execution - Microsoft Office (CVE-2025-26642) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00087, EPSS Percentile is 0.2627 |
35. Remote Code Execution - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2025-26663) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.001, EPSS Percentile is 0.28847 |
Qualys: CVE-2025-26663 and CVE-2025-26670: Windows Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability An LDAP client is a software application or tool that uses the Lightweight Directory Access Protocol (LDAP) to interact with a directory service, enabling tasks like searching, retrieving, and managing information stored in a hierarchical structure. The use after free flaw in Lightweight Directory Access Protocol could allow an unauthenticated attacker to achieve remote code execution. An unauthenticated attacker may exploit the vulnerabilities by sending specially crafted requests to a vulnerable LDAP server.
Tenable: CVE-2025-26663 and CVE-2025-26670 | Multiple Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerabilities
Tenable: CVE-2025-26663 and CVE-2025-26670 are critical RCE vulnerabilities affecting Windows Lightweight Directory Access Protocol (LDAP) and LDAP Client respectively. These vulnerabilities were assigned a CVSSv3 score of 8.1, rated as critical and assessed as “Exploitation More Likely" according to Microsoft. Successful exploitation of either requires winning a race condition via a specially crafted request resulting in a use after free. If successful, the attacker could achieve RCE on an affected host.
Rapid7: Although it has been many months since we’ve seen a critical zero-day vulnerability from Microsoft, there is no shortage of critical remote code execution (RCE) vulnerabilities published today. Defenders responsible for an LDAP server — which means almost any organization with a non-trivial Microsoft footprint — should add patching for CVE-2025-26663 to their to-do list. With no privileges required, no need for user interaction, and code execution presumably in the context of the LDAP server itself, successful exploitation would be an attractive shortcut to any attacker. Anyone wondering if today is a re-run of December 2024 Patch Tuesday can take some small solace in the fact that the worst of the trio of LDAP critical RCEs published at the end of last year was likely easier to exploit than today’s example, since today’s CVE-2025-26663 requires that an attacker win a race condition. Despite that, Microsoft still expects that exploitation is more likely.
Rapid7: If you breathe a sigh of relief when you see LDAP server critical RCE vulnerabilities like CVE-2025-26663, because you’re certain that you don’t have any Windows LDAP servers in your estate, how about LDAP clients? CVE-2025-26670 describes a critical RCE in the LDAP client, although the FAQ confusingly states that exploitation would require an attacker to “send specially crafted requests to a vulnerable LDAP server”; this seems like it might be a data entry error on the advisory FAQ, so keep an eye out for an update to that section of the advisory. Assuming the rest of the advisory is all present and correct, exploitation requires that the attacker win a race condition, which keeps the attack complexity higher than it otherwise would be. While we wait for clarification, it’s still a critical RCE which Microsoft rates as “exploitation more likely”. On that basis, patching is always recommended.
ZDI: CVE-2025-26663/CVE-2025-26670 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. These bugs allow a remote, unauthenticated attacker to execute their code on affected systems just by sending a specially crafted LDAP message. They would need to win a race condition, but we’ve seen plenty of exploits work around this requirement. Since just about everything can host an LDAP service, there’s a plethora of targets out there. And since no user interaction is involved, these bugs are wormable. LDAP really shouldn’t be allowed through your network perimeter, but don’t rely on that alone. Test and deploy these updates quickly – unless you’re running Windows 10. Those patches aren’t available yet.
36. Remote Code Execution - Windows Remote Desktop Services (CVE-2025-27480) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00134, EPSS Percentile is 0.34456 |
Qualys: CVE-2025-27480: Windows Remote Desktop Services Remote Code Execution Vulnerability The use after free flaw in Remote Desktop Gateway Service could allow an unauthenticated attacker to execute code remotely. An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then execute arbitrary code.
Tenable: CVE-2025-26671, CVE-2025-27482 and CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-26671, CVE-2025-27480 and CVE-2025-27482 are RCE vulnerabilities in Windows Remote Desktop Gateway Service. Each was assigned a CVSSv3 score of 8.1 and two were rated as critical, with CVE-2025-26671 having a rating of Important. To exploit these flaws, an attacker must be able to win a race condition. Despite this requirement, Microsoft assessed CVE-2025-27482 and CVE-2025-27480 as “Exploitation More Likely” according to Microsoft’s Exploitability Index.
Rapid7: The prolific Windows vulnerability pioneers at Kunlun Lab are credited with a pair of critical RCE vulnerabilities in Windows Remote Desktop Services. Although both CVE-2025-27480 and CVE-2025-27482 share a CVSSv3 base score of 8.1, Microsoft has ranked them both as critical using its own proprietary severity ranking scale. Both vulnerabilities require that an attacker win a race condition. If you’ve ever read Microsoft’s guide to deploying the Remote Desktop Gateway role, you probably have some systems to patch.
ZDI: CVE-2025-27480/CVE-2025-27482 - Windows Remote Desktop Services Remote Code Execution Vulnerability. Here are some more Critical-rated bugs that don’t rely on user interaction. An attacker just needs to connect to an affected system with the Remote Desktop Gateway role to trigger another race condition, resulting in code execution. RDS is popular for remote management, so it is often reachable from the Internet. If you must leave it open to the world, consider IP restricting it to known users, then test and deploy these patches.
37. Remote Code Execution - Windows Remote Desktop Services (CVE-2025-27482) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00087, EPSS Percentile is 0.26463 |
Qualys: CVE-2025-27482: Windows Remote Desktop Services Remote Code Execution Vulnerability In Remote Desktop Gateway Service, sensitive data storage in improperly locked memory can allow an unauthenticated attacker to execute remote code.
Tenable: CVE-2025-26671, CVE-2025-27482 and CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-26671, CVE-2025-27480 and CVE-2025-27482 are RCE vulnerabilities in Windows Remote Desktop Gateway Service. Each was assigned a CVSSv3 score of 8.1 and two were rated as critical, with CVE-2025-26671 having a rating of Important. To exploit these flaws, an attacker must be able to win a race condition. Despite this requirement, Microsoft assessed CVE-2025-27482 and CVE-2025-27480 as “Exploitation More Likely” according to Microsoft’s Exploitability Index.
Rapid7: The prolific Windows vulnerability pioneers at Kunlun Lab are credited with a pair of critical RCE vulnerabilities in Windows Remote Desktop Services. Although both CVE-2025-27480 and CVE-2025-27482 share a CVSSv3 base score of 8.1, Microsoft has ranked them both as critical using its own proprietary severity ranking scale. Both vulnerabilities require that an attacker win a race condition. If you’ve ever read Microsoft’s guide to deploying the Remote Desktop Gateway role, you probably have some systems to patch.
ZDI: CVE-2025-27480/CVE-2025-27482 - Windows Remote Desktop Services Remote Code Execution Vulnerability. Here are some more Critical-rated bugs that don’t rely on user interaction. An attacker just needs to connect to an affected system with the Remote Desktop Gateway role to trigger another race condition, resulting in code execution. RDS is popular for remote management, so it is often reachable from the Internet. If you must leave it open to the world, consider IP restricting it to known users, then test and deploy these patches.
38. Remote Code Execution - Windows Telephony Service (CVE-2025-21205) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21589 |
39. Remote Code Execution - Windows Telephony Service (CVE-2025-21221) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21589 |
40. Remote Code Execution - Windows Telephony Service (CVE-2025-21222) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21589 |
41. Remote Code Execution - Windows Telephony Service (CVE-2025-27477) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21589 |
42. Remote Code Execution - Windows Telephony Service (CVE-2025-27481) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21589 |
43. 
Memory Corruption - Chromium (CVE-2025-2476) - High [436]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.9 | 10 | EPSS Probability is 0.04546, EPSS Percentile is 0.88558 |
MS PT Extended: CVE-2025-2476 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
44. Security Feature Bypass - Chromium (CVE-2025-3068) - High [436]
Description: Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.3 | 10 | EPSS Probability is 0.00093, EPSS Percentile is 0.27646 |
MS PT Extended: CVE-2025-3068 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
45. Security Feature Bypass - Chromium (CVE-2025-3069) - High [436]
Description: Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.3 | 10 | EPSS Probability is 0.00094, EPSS Percentile is 0.27789 |
MS PT Extended: CVE-2025-3069 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
46. Security Feature Bypass - Windows Kerberos (CVE-2025-29809) - High [436]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.5 | 10 | EPSS Probability is 0.00303, EPSS Percentile is 0.53043 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
ZDI: CVE-2025-29809 - Windows Kerberos Security Feature Bypass Vulnerability. There are several security feature bypass (SFB) bugs in this release, but this one stands out above the others. A local attacker could abuse this vulnerability to leak Kerberos credentials. And you may need to take actions beyond just patching. If you rely on Virtualization-Based Security (VBS), you’ll need to read this document and then redeploy with the updated policy.
47. Security Feature Bypass - Windows Security Zone Mapping (CVE-2025-27737) - High [436]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.6. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.26091 |
48. Remote Code Execution - Microsoft Edge (CVE-2025-29815) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Web browser | |
| 0.8 | 10 | CVSS Base Score is 7.6. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00065, EPSS Percentile is 0.20815 |
MS PT Extended: CVE-2025-29815 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
49. Remote Code Execution - Microsoft Office (CVE-2025-27746) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
50. Remote Code Execution - Windows Media (CVE-2025-26666) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
51. Remote Code Execution - Windows Media (CVE-2025-26674) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
52. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2025-26668) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
53. Remote Code Execution - Windows Shell (CVE-2025-27729) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
54. Elevation of Privilege - Chromium (CVE-2025-3067) - High [427]
Description: Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.3 | 10 | EPSS Probability is 0.0009, EPSS Percentile is 0.27076 |
MS PT Extended: CVE-2025-3067 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
55. Elevation of Privilege - Windows Installer (CVE-2025-27727) - High [427]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00141, EPSS Percentile is 0.35415 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
56. Elevation of Privilege - Windows Kerberos (CVE-2025-26647) - High [427]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00111, EPSS Percentile is 0.30768 |
57. Elevation of Privilege - Active Directory Certificate Services (CVE-2025-27740) - High [425]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Active Directory Certificate Services | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00553, EPSS Percentile is 0.66815 |
Tenable: CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability
Tenable: CVE-2025-27740 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 8.8 and is rated as important. According to Microsoft, successful exploitation would allow an attacker to gain domain administrator privileges by manipulating computer accounts. This vulnerability is assessed as “Exploitation Less Likely.”
58. Security Feature Bypass - Microsoft OneNote (CVE-2025-29822) - High [422]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | Microsoft OneNote | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.00527, EPSS Percentile is 0.65954 |
59. Elevation of Privilege - Windows Kernel (CVE-2025-26648) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.15979 |
60. Elevation of Privilege - Windows Kernel (CVE-2025-27739) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
61. Elevation of Privilege - Windows Win32k (CVE-2025-26687) - High [420]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15299 |
62. Elevation of Privilege - DirectX Graphics Kernel (CVE-2025-29812) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | DirectX Graphics Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00103, EPSS Percentile is 0.29541 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
63. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-24060) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
64. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-24062) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
65. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-24073) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
66. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-24074) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
67. Elevation of Privilege - Microsoft Office (CVE-2025-29792) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00153, EPSS Percentile is 0.37147 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
68. Elevation of Privilege - Microsoft OpenSSH for Windows (CVE-2025-27731) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
69. Elevation of Privilege - Windows DWM Core Library (CVE-2025-24058) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
70. Elevation of Privilege - Windows Mobile Broadband Driver (CVE-2025-29811) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
71. Security Feature Bypass - BitLocker (CVE-2025-26637) - High [413]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00109, EPSS Percentile is 0.30398 |
72. Security Feature Bypass - Windows Defender Application Control (CVE-2025-26678) - High [413]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.19654 |
73. 
Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-26669) - High [412]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21589 |
74. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-27474) - High [412]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00188, EPSS Percentile is 0.41231 |
75. Elevation of Privilege - Microsoft Office (CVE-2025-27744) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16344 |
76. Elevation of Privilege - Windows Bluetooth Service (CVE-2025-27490) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
77. Elevation of Privilege - Windows Digital Media (CVE-2025-27467) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
78. Elevation of Privilege - Windows Digital Media (CVE-2025-27476) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
79. Elevation of Privilege - Windows Digital Media (CVE-2025-27730) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
80. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2025-27728) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
81. Elevation of Privilege - Windows NTFS (CVE-2025-27483) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
82. Elevation of Privilege - Windows NTFS (CVE-2025-27733) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
83. Elevation of Privilege - Windows NTFS (CVE-2025-27741) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
84. Elevation of Privilege - Windows Subsystem for Linux (CVE-2025-26675) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
85. Elevation of Privilege - Windows USB Print Driver (CVE-2025-26639) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00078, EPSS Percentile is 0.24224 |
86. Elevation of Privilege - Windows Universal Plug and Play (UPnP) Device Host (CVE-2025-27484) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.15877 |
87. Remote Code Execution - Microsoft Dataverse (CVE-2025-29807) - High [402]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.2 | 14 | Microsoft Dataverse | |
| 0.9 | 10 | CVSS Base Score is 8.7. According to Microsoft data source | |
| 0.7 | 10 | EPSS Probability is 0.0075, EPSS Percentile is 0.71854 |
MS PT Extended: CVE-2025-29807 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
88. Security Feature Bypass - Chromium (CVE-2025-3070) - High [401]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.0007, EPSS Percentile is 0.2204 |
MS PT Extended: CVE-2025-3070 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
89. Security Feature Bypass - Windows Hello (CVE-2025-26635) - High [401]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00073, EPSS Percentile is 0.22941 |
90. Information Disclosure - Windows NTFS (CVE-2025-21197) - High [400]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00098, EPSS Percentile is 0.28625 |
91. Information Disclosure - Windows Resilient File System (ReFS) (CVE-2025-27738) - High [400]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00098, EPSS Percentile is 0.28625 |
92. Denial of Service - ASP.NET Core and Visual Studio (CVE-2025-26682) - Medium [398]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | ASP.NET Core and Visual Studio | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
93. Denial of Service - HTTP.sys (CVE-2025-27473) - Medium [398]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | HTTP.sys | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
94. Denial of Service - Kerberos Key Distribution Proxy Service (CVE-2025-27479) - Medium [398]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Kerberos Key Distribution Proxy Service | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
95. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-26641) - Medium [398]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.8 | 10 | EPSS Probability is 0.02364, EPSS Percentile is 0.84053 |
96. Elevation of Privilege - Microsoft Dataverse (CVE-2025-24053) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.2 | 14 | Microsoft Dataverse | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.0014, EPSS Percentile is 0.35243 |
MS PT Extended: CVE-2025-24053 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
97. Remote Code Execution - Microsoft Excel (CVE-2025-27750) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
98. Remote Code Execution - Microsoft Excel (CVE-2025-27751) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
99. Remote Code Execution - Microsoft Excel (CVE-2025-29823) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
100. Remote Code Execution - Microsoft Word (CVE-2025-27747) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
101. Remote Code Execution - Microsoft Word (CVE-2025-29820) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21669 |
102. Remote Code Execution - Lightweight Directory Access Protocol (LDAP) Client (CVE-2025-26670) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Lightweight Directory Access Protocol (LDAP) Client | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00132, EPSS Percentile is 0.34163 |
Qualys: CVE-2025-26663 and CVE-2025-26670: Windows Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability An LDAP client is a software application or tool that uses the Lightweight Directory Access Protocol (LDAP) to interact with a directory service, enabling tasks like searching, retrieving, and managing information stored in a hierarchical structure. The use after free flaw in Lightweight Directory Access Protocol could allow an unauthenticated attacker to achieve remote code execution. An unauthenticated attacker may exploit the vulnerabilities by sending specially crafted requests to a vulnerable LDAP server.
Tenable: CVE-2025-26663 and CVE-2025-26670 | Multiple Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerabilities
Tenable: CVE-2025-26663 and CVE-2025-26670 are critical RCE vulnerabilities affecting Windows Lightweight Directory Access Protocol (LDAP) and LDAP Client respectively. These vulnerabilities were assigned a CVSSv3 score of 8.1, rated as critical and assessed as “Exploitation More Likely" according to Microsoft. Successful exploitation of either requires winning a race condition via a specially crafted request resulting in a use after free. If successful, the attacker could achieve RCE on an affected host.
Rapid7: If you breathe a sigh of relief when you see LDAP server critical RCE vulnerabilities like CVE-2025-26663, because you’re certain that you don’t have any Windows LDAP servers in your estate, how about LDAP clients? CVE-2025-26670 describes a critical RCE in the LDAP client, although the FAQ confusingly states that exploitation would require an attacker to “send specially crafted requests to a vulnerable LDAP server”; this seems like it might be a data entry error on the advisory FAQ, so keep an eye out for an update to that section of the advisory. Assuming the rest of the advisory is all present and correct, exploitation requires that the attacker win a race condition, which keeps the attack complexity higher than it otherwise would be. While we wait for clarification, it’s still a critical RCE which Microsoft rates as “exploitation more likely”. On that basis, patching is always recommended.
ZDI: CVE-2025-26663/CVE-2025-26670 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. These bugs allow a remote, unauthenticated attacker to execute their code on affected systems just by sending a specially crafted LDAP message. They would need to win a race condition, but we’ve seen plenty of exploits work around this requirement. Since just about everything can host an LDAP service, there’s a plethora of targets out there. And since no user interaction is involved, these bugs are wormable. LDAP really shouldn’t be allowed through your network perimeter, but don’t rely on that alone. Test and deploy these updates quickly – unless you’re running Windows 10. Those patches aren’t available yet.
103. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-21203) - Medium [388]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19473 |
104. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-26664) - Medium [388]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19473 |
105. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-26667) - Medium [388]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00068, EPSS Percentile is 0.21458 |
106. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-26672) - Medium [388]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19473 |
107. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-26676) - Medium [388]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.19473 |
108. Elevation of Privilege - RPC Endpoint Mapper Service (CVE-2025-26679) - Medium [387]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.7 | 14 | RPC Endpoint Mapper Service | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
109. Elevation of Privilege - Windows Digital Media (CVE-2025-26640) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0004, EPSS Percentile is 0.1148 |
110. Elevation of Privilege - Windows Graphics Component (CVE-2025-27732) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09178 |
111. Elevation of Privilege - Windows Local Security Authority (LSA) (CVE-2025-21191) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09178 |
112. Elevation of Privilege - Windows Local Security Authority (LSA) (CVE-2025-27478) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0004, EPSS Percentile is 0.1148 |
113. Elevation of Privilege - Windows Secure Channel (CVE-2025-26649) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09178 |
114. Elevation of Privilege - Windows Secure Channel (CVE-2025-27492) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09178 |
115. Elevation of Privilege - Windows Update Stack (CVE-2025-27475) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09178 |
116. Elevation of Privilege - Windows upnphost.dll (CVE-2025-26665) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.09178 |
117. Security Feature Bypass - Windows Mark of the Web (CVE-2025-27472) - Medium [377]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00079, EPSS Percentile is 0.24476 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
118. Security Feature Bypass - Windows Virtualization-Based Security (VBS) (CVE-2025-27735) - Medium [377]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 6.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00032, EPSS Percentile is 0.07831 |
119. Information Disclosure - Windows Admin Center in Azure Portal (CVE-2025-29819) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0008, EPSS Percentile is 0.24658 |
120. Information Disclosure - Windows NTFS (CVE-2025-27742) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | The default file system of the Windows NT family | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.15762 |
121. Information Disclosure - Windows Power Dependency Coordinator (CVE-2025-27736) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.15686 |
122. Elevation of Privilege - Azure Health Bot (CVE-2025-21384) - Medium [366]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Health Bot | |
| 0.8 | 10 | CVSS Base Score is 8.3. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00102, EPSS Percentile is 0.29381 |
MS PT Extended: CVE-2025-21384 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
123. Elevation of Privilege - Azure Local (CVE-2025-27489) - Medium [366]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Local | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00084, EPSS Percentile is 0.25679 |
124. Elevation of Privilege - Azure Playwright (CVE-2025-26683) - Medium [366]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Playwright | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00086, EPSS Percentile is 0.26098 |
MS PT Extended: CVE-2025-26683 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
125. Elevation of Privilege - Microsoft System Center (CVE-2025-27743) - Medium [366]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft System Center is a suite of software products designed to simplify the deployment, configuration and management of IT infrastructure and virtualized software-defined data centers (SDDCs). | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00114, EPSS Percentile is 0.31395 |
126. Memory Corruption - Chromium (CVE-2025-2136) - Medium [365]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.3 | 10 | EPSS Probability is 0.00085, EPSS Percentile is 0.25877 |
MS PT Extended: CVE-2025-2136 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
127. Memory Corruption - Chromium (CVE-2025-3066) - Medium [365]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.3 | 10 | EPSS Probability is 0.00123, EPSS Percentile is 0.32807 |
MS PT Extended: CVE-2025-3066 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
128. Information Disclosure - Azure Local Cluster (CVE-2025-25002) - Medium [362]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure Local Cluster | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0.4 | 10 | EPSS Probability is 0.00171, EPSS Percentile is 0.39328 |
129. Information Disclosure - Outlook for Android (CVE-2025-29805) - Medium [362]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Outlook for Android | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00095, EPSS Percentile is 0.27866 |
130. Security Feature Bypass - Microsoft Word (CVE-2025-29816) - Medium [355]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.0 | 10 | EPSS Probability is 0.00022, EPSS Percentile is 0.04323 |
131. Elevation of Privilege - Active Directory Domain Services (CVE-2025-29810) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Active Directory Domain Services | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16254 |
132. Elevation of Privilege - Microsoft AutoUpdate (MAU) (CVE-2025-29800) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft AutoUpdate (MAU) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16344 |
133. Elevation of Privilege - Microsoft AutoUpdate (MAU) (CVE-2025-29801) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft AutoUpdate (MAU) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16344 |
134. Elevation of Privilege - Microsoft Virtual Hard Disk (CVE-2025-26688) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | The Virtual Hard Disk (VHD) format is a publicly-available image format specification that allows encapsulation of the hard disk into an individual file. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17821 |
135. Denial of Service - Microsoft Streaming Service (CVE-2025-27471) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17889 |
136. Memory Corruption - Chromium (CVE-2025-1920) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.1986 |
MS PT Extended: CVE-2025-1920 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
137. Memory Corruption - Chromium (CVE-2025-2135) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.1986 |
MS PT Extended: CVE-2025-2135 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
138. Memory Corruption - Chromium (CVE-2025-2137) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00062, EPSS Percentile is 0.1986 |
MS PT Extended: CVE-2025-2137 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
139. Security Feature Bypass - Chromium (CVE-2025-3071) - Medium [353]
Description: Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
| 0.0 | 10 | EPSS Probability is 0.00014, EPSS Percentile is 0.0166 |
MS PT Extended: CVE-2025-3071 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
140. Information Disclosure - Windows Cryptographic Services (CVE-2025-29808) - Medium [352]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.0 | 10 | EPSS Probability is 0.0002, EPSS Percentile is 0.0358 |
141. Elevation of Privilege - Microsoft Edge (Chromium-based) Update (CVE-2025-29795) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Edge (Chromium-based) Update | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1301 |
MS PT Extended: CVE-2025-29795 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
142. Elevation of Privilege - Visual Studio Tools for Applications and SQL Server Management Studio (CVE-2025-29803) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Visual Studio Tools for Applications and SQL Server Management Studio | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00055, EPSS Percentile is 0.17313 |
143. Information Disclosure - Azure Local Cluster (CVE-2025-26628) - Medium [338]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure Local Cluster | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16648 |
144. Elevation of Privilege - Visual Studio (CVE-2025-29802) - Medium [308]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.3 | 14 | Integrated development environment | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.20147 |
145. Elevation of Privilege - Visual Studio (CVE-2025-29804) - Medium [308]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.3 | 14 | Integrated development environment | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00051, EPSS Percentile is 0.15853 |
146. 
Spoofing - Microsoft Edge for iOS (CVE-2025-29796) - Medium [307]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft Edge for iOS | |
| 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.12923 |
MS PT Extended: CVE-2025-29796 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
147. Information Disclosure - Microsoft Dynamics Business Central (CVE-2025-29821) - Medium [293]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.3 | 14 | Microsoft Dynamics Business Central | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.22756 |
148. Spoofing - Chromium (CVE-2025-3072) - Medium [288]
Description: Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.22738 |
MS PT Extended: CVE-2025-3072 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
149. Spoofing - Chromium (CVE-2025-3073) - Medium [288]
Description: Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.22738 |
MS PT Extended: CVE-2025-3073 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
150. Spoofing - Chromium (CVE-2025-3074) - Medium [288]
Description: Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.5 | 10 | CVSS Base Score is 5.4. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.22738 |
MS PT Extended: CVE-2025-3074 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
151. Spoofing - Windows Hello (CVE-2025-26644) - Medium [288]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | CVSS Base Score is 5.1. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.16859 |
152. Elevation of Privilege - Visual Studio Code (CVE-2025-20570) - Medium [285]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.3 | 14 | Integrated development environment | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
153. Spoofing - Microsoft Edge for iOS (CVE-2025-25001) - Medium [226]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft Edge for iOS | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.18552 |
MS PT Extended: CVE-2025-25001 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Security Feature Bypass (1)MS PT Extended: CVE-2025-2783 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Elevation of Privilege (1)Qualys: CVE-2025-29824: Windows Common Log File System Driver Elevation of Privilege Vulnerability The Common Log File System (CLFS) is a general-purpose logging service used by software clients running in user or kernel mode. CLFS can be used for data management, database systems, messaging, Online Transactional Processing (OLTP), and other transactional systems. The use after free flaw in the Windows Common Log File System Driver could allow an authenticated attacker to elevate privileges locally. Upon successful exploitation, an attacker may gain SYSTEM privileges. CISA added the CVE-2025-29824 to its Known Exploited Vulnerabilities Catalog, acknowledging its active exploitation. CISA urges users to patch the vulnerability before April 29, 2025.
Tenable: Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)
Tenable: CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
Tenable: CVE-2025-29824 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was exploited in the wild as a zero-day. Microsoft identified this vulnerability in ransomware deployed by the PipeMagic malware via the group tracked as Storm-2460.
Rapid7: The Windows Common Log File System (CLFS) Driver is firmly back on our radar today with CVE-2025-29824, a zero-day local elevation of privilege vulnerability. First, the good news: the Acknowledgements section credits the Microsoft Threat Intelligence Center, so the exploit was successfully reproduced by Microsoft; the less-good news is that someone other than Microsoft was first to discover the exploit, because otherwise Microsoft wouldn’t be listing CVE-2025-29824 as exploited in the wild. The advisory does not specify what privilege level is achieved upon successful exploitation, but it’ll be SYSTEM, because that’s the prize for all the other CLFS elevation of privilege zero-day vulnerabilities. As usual, some form of less-privileged local access is a pre-requisite, but attack complexity is low, so this is the sort of vulnerability which goes into any standard break-and-enter toolkit. Given the long history of similar vulnerabilities, it would be more surprising if exploit code wasn’t publicly available in the not-too-distant future. Although December 2024 Patch Tuesday seems as though it must have been a very long time ago, any standard calendar will tell us that only 119 days have elapsed since the last zero-day CLFS local elevation of privilege. Rapid7 discussed the history of CLFS zero-day elevation of privilege vulnerabilities at the time. All versions of Windows receive a patch, except for the venerable LTSC Windows 10 1507, which is listed on the advisory as vulnerable, but left out in the cold with no update; the FAQ says to check back later. Windows 10 LTSC 1507 is scheduled for end of servicing on 2025-10-14, so the clock is ticking regardless.
ZDI: CVE-2025-29824 - Windows Common Log File System Driver Elevation of Privilege Vulnerability. This privilege escalation bug is listed as under active attack and allows a threat actor to execute their code with SYSTEM privileges. These types of bugs are often paired with code execution bugs to take over a system. Microsoft gives no indication of how widespread these attacks are. Regardless, test and deploy this update quickly.
Remote Code Execution (1)MS PT Extended: CVE-2025-24201 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Remote Code Execution (4)MS PT Extended: CVE-2025-1974 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-24514 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-1097 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-1098 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Elevation of Privilege (1)Security Feature Bypass (1)MS PT Extended: CVE-2025-24513 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Remote Code Execution (35)MS PT Extended: CVE-2025-29806 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-25000 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-29815 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Qualys: CVE-2025-27745, CVE-2025-27748, and CVE-2025-27749: Microsoft Office Remote Code Execution Vulnerability The use after free flaw in Microsoft Office could allow an unauthenticated attacker to achieve remote code execution.
Tenable: Microsoft also patched an RCE vulnerability in Remote Desktop Client (CVE-2025-27487).
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
Tenable: CVE-2025-29793 and CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability
Tenable: CVE-2025-29793 and CVE-2025-29794 are RCE vulnerabilities affecting Microsoft SharePoint Server. The most severe of these vulnerabilities was assigned a CVSSv3 score of 8.8 and both were rated as important. Successful exploitation would grant an attacker the ability to execute arbitrary code. According to Microsoft, an attacker would need to be authenticated in order to exploit this vulnerability.
Qualys: CVE-2025-26686: Windows TCP/IP Remote Code Execution Vulnerability TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the Internet. TCP/IP is also used as a communications protocol in a private computer network — an intranet or extranet. An attacker must win a race condition to exploit the vulnerability. Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Qualys: CVE-2025-27752: Microsoft Excel Remote Code Execution Vulnerability The heap-based buffer overflow flaw in Microsoft Office Excel could allow an unauthenticated attacker to achieve remote code execution.
Qualys: CVE-2025-29791: Microsoft Excel Remote Code Execution Vulnerability The type confusion in Microsoft Office Excel could allow an unauthenticated attacker to achieve remote code execution.
Qualys: CVE-2025-27480: Windows Remote Desktop Services Remote Code Execution Vulnerability The use after free flaw in Remote Desktop Gateway Service could allow an unauthenticated attacker to execute code remotely. An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then execute arbitrary code.
Qualys: CVE-2025-27482: Windows Remote Desktop Services Remote Code Execution Vulnerability In Remote Desktop Gateway Service, sensitive data storage in improperly locked memory can allow an unauthenticated attacker to execute remote code.
Tenable: CVE-2025-26671, CVE-2025-27482 and CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-26671, CVE-2025-27480 and CVE-2025-27482 are RCE vulnerabilities in Windows Remote Desktop Gateway Service. Each was assigned a CVSSv3 score of 8.1 and two were rated as critical, with CVE-2025-26671 having a rating of Important. To exploit these flaws, an attacker must be able to win a race condition. Despite this requirement, Microsoft assessed CVE-2025-27482 and CVE-2025-27480 as “Exploitation More Likely” according to Microsoft’s Exploitability Index.
Rapid7: The prolific Windows vulnerability pioneers at Kunlun Lab are credited with a pair of critical RCE vulnerabilities in Windows Remote Desktop Services. Although both CVE-2025-27480 and CVE-2025-27482 share a CVSSv3 base score of 8.1, Microsoft has ranked them both as critical using its own proprietary severity ranking scale. Both vulnerabilities require that an attacker win a race condition. If you’ve ever read Microsoft’s guide to deploying the Remote Desktop Gateway role, you probably have some systems to patch.
ZDI: CVE-2025-27480/CVE-2025-27482 - Windows Remote Desktop Services Remote Code Execution Vulnerability. Here are some more Critical-rated bugs that don’t rely on user interaction. An attacker just needs to connect to an affected system with the Remote Desktop Gateway role to trigger another race condition, resulting in code execution. RDS is popular for remote management, so it is often reachable from the Internet. If you must leave it open to the world, consider IP restricting it to known users, then test and deploy these patches.
Qualys: CVE-2025-27491: Windows Hyper-V Remote Code Execution Vulnerability Hyper-V is Microsoft’s hardware virtualization product that allows users to create and run virtual machines (VMs) on Windows Server and Windows 10/11. The product enables better hardware utilization and resource management. An attacker must win a race condition to exploit the vulnerability. The use after free flaw in Windows Hyper-V could allow an authenticated attacker to achieve remote code execution.
Rapid7: Some Microsoft security advisory FAQs provide a satisfying level of detail, whereas others raise more questions than they answer. CVE-2025-27491 is a Hyper-V critical RCE which falls into the second category, since it states that an attacker must be authenticated — no need for elevated privileges — but also that the attacker must send the user a malicious site and convince them to open it, and it’s not at all clear why authentication would be required in that case. Also unusual: the remediation table on the advisory lists several 32-bit versions of Windows as receiving patches, although Hyper-V requires a 64-bit processor and a 64-bit host OS.
Qualys: CVE-2025-26663 and CVE-2025-26670: Windows Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability An LDAP client is a software application or tool that uses the Lightweight Directory Access Protocol (LDAP) to interact with a directory service, enabling tasks like searching, retrieving, and managing information stored in a hierarchical structure. The use after free flaw in Lightweight Directory Access Protocol could allow an unauthenticated attacker to achieve remote code execution. An unauthenticated attacker may exploit the vulnerabilities by sending specially crafted requests to a vulnerable LDAP server.
Tenable: CVE-2025-26663 and CVE-2025-26670 | Multiple Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerabilities
Tenable: CVE-2025-26663 and CVE-2025-26670 are critical RCE vulnerabilities affecting Windows Lightweight Directory Access Protocol (LDAP) and LDAP Client respectively. These vulnerabilities were assigned a CVSSv3 score of 8.1, rated as critical and assessed as “Exploitation More Likely" according to Microsoft. Successful exploitation of either requires winning a race condition via a specially crafted request resulting in a use after free. If successful, the attacker could achieve RCE on an affected host.
Rapid7: Although it has been many months since we’ve seen a critical zero-day vulnerability from Microsoft, there is no shortage of critical remote code execution (RCE) vulnerabilities published today. Defenders responsible for an LDAP server — which means almost any organization with a non-trivial Microsoft footprint — should add patching for CVE-2025-26663 to their to-do list. With no privileges required, no need for user interaction, and code execution presumably in the context of the LDAP server itself, successful exploitation would be an attractive shortcut to any attacker. Anyone wondering if today is a re-run of December 2024 Patch Tuesday can take some small solace in the fact that the worst of the trio of LDAP critical RCEs published at the end of last year was likely easier to exploit than today’s example, since today’s CVE-2025-26663 requires that an attacker win a race condition. Despite that, Microsoft still expects that exploitation is more likely.
Rapid7: If you breathe a sigh of relief when you see LDAP server critical RCE vulnerabilities like CVE-2025-26663, because you’re certain that you don’t have any Windows LDAP servers in your estate, how about LDAP clients? CVE-2025-26670 describes a critical RCE in the LDAP client, although the FAQ confusingly states that exploitation would require an attacker to “send specially crafted requests to a vulnerable LDAP server”; this seems like it might be a data entry error on the advisory FAQ, so keep an eye out for an update to that section of the advisory. Assuming the rest of the advisory is all present and correct, exploitation requires that the attacker win a race condition, which keeps the attack complexity higher than it otherwise would be. While we wait for clarification, it’s still a critical RCE which Microsoft rates as “exploitation more likely”. On that basis, patching is always recommended.
ZDI: CVE-2025-26663/CVE-2025-26670 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. These bugs allow a remote, unauthenticated attacker to execute their code on affected systems just by sending a specially crafted LDAP message. They would need to win a race condition, but we’ve seen plenty of exploits work around this requirement. Since just about everything can host an LDAP service, there’s a plethora of targets out there. And since no user interaction is involved, these bugs are wormable. LDAP really shouldn’t be allowed through your network perimeter, but don’t rely on that alone. Test and deploy these updates quickly – unless you’re running Windows 10. Those patches aren’t available yet.
MS PT Extended: CVE-2025-29807 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Qualys: CVE-2025-26663 and CVE-2025-26670: Windows Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability An LDAP client is a software application or tool that uses the Lightweight Directory Access Protocol (LDAP) to interact with a directory service, enabling tasks like searching, retrieving, and managing information stored in a hierarchical structure. The use after free flaw in Lightweight Directory Access Protocol could allow an unauthenticated attacker to achieve remote code execution. An unauthenticated attacker may exploit the vulnerabilities by sending specially crafted requests to a vulnerable LDAP server.
Tenable: CVE-2025-26663 and CVE-2025-26670 | Multiple Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerabilities
Tenable: CVE-2025-26663 and CVE-2025-26670 are critical RCE vulnerabilities affecting Windows Lightweight Directory Access Protocol (LDAP) and LDAP Client respectively. These vulnerabilities were assigned a CVSSv3 score of 8.1, rated as critical and assessed as “Exploitation More Likely" according to Microsoft. Successful exploitation of either requires winning a race condition via a specially crafted request resulting in a use after free. If successful, the attacker could achieve RCE on an affected host.
Rapid7: If you breathe a sigh of relief when you see LDAP server critical RCE vulnerabilities like CVE-2025-26663, because you’re certain that you don’t have any Windows LDAP servers in your estate, how about LDAP clients? CVE-2025-26670 describes a critical RCE in the LDAP client, although the FAQ confusingly states that exploitation would require an attacker to “send specially crafted requests to a vulnerable LDAP server”; this seems like it might be a data entry error on the advisory FAQ, so keep an eye out for an update to that section of the advisory. Assuming the rest of the advisory is all present and correct, exploitation requires that the attacker win a race condition, which keeps the attack complexity higher than it otherwise would be. While we wait for clarification, it’s still a critical RCE which Microsoft rates as “exploitation more likely”. On that basis, patching is always recommended.
ZDI: CVE-2025-26663/CVE-2025-26670 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. These bugs allow a remote, unauthenticated attacker to execute their code on affected systems just by sending a specially crafted LDAP message. They would need to win a race condition, but we’ve seen plenty of exploits work around this requirement. Since just about everything can host an LDAP service, there’s a plethora of targets out there. And since no user interaction is involved, these bugs are wormable. LDAP really shouldn’t be allowed through your network perimeter, but don’t rely on that alone. Test and deploy these updates quickly – unless you’re running Windows 10. Those patches aren’t available yet.
Elevation of Privilege (53)MS PT Extended: CVE-2025-29814 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3067 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
Tenable: CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability
Tenable: CVE-2025-27740 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 8.8 and is rated as important. According to Microsoft, successful exploitation would allow an attacker to gain domain administrator privileges by manipulating computer accounts. This vulnerability is assessed as “Exploitation Less Likely.”
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
MS PT Extended: CVE-2025-24053 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-21384 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-26683 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-29795 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Denial of Service (14)Tenable: Microsoft also patched CVE-2025-26673 and CVE-2025-27469, two denial of service (DoS) vulnerabilities in LDAP. These were assessed as Important and “Exploitation Less Likely.”
Memory Corruption (6)MS PT Extended: CVE-2025-2476 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-2136 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3066 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-2137 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-2135 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-1920 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Security Feature Bypass (13)MS PT Extended: CVE-2025-3068 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3069 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3071 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3070 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
ZDI: CVE-2025-29809 - Windows Kerberos Security Feature Bypass Vulnerability. There are several security feature bypass (SFB) bugs in this release, but this one stands out above the others. A local attacker could abuse this vulnerability to leak Kerberos credentials. And you may need to take actions beyond just patching. If you rely on Virtualization-Based Security (VBS), you’ll need to read this document and then redeploy with the updated policy.
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-27727 is an elevation of privilege vulnerability in Windows Installer. An attacker may exploit the vulnerability to gain SYSTEM privileges. CVE-2025-29792 is an elevation of privilege vulnerability in Microsoft Office. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-29793 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29794 is a remote code execution vulnerability in Microsoft SharePoint. An authenticated attacker with Site Owner permissions may exploit the vulnerability to execute code remotely in the context of SharePoint Server. CVE-2025-29809 is a security feature bypass vulnerability in Windows Kerberos. An attacker who successfully exploited this vulnerability could bypass the Windows Defender Credential Guard feature to leak Kerberos’s credentials. CVE-2025-27472 is a security feature bypass vulnerability in Windows Mark of the Web. Protection mechanism failure in Windows Mark of the Web (MOTW) could allow an unauthenticated attacker to bypass a security feature over a network. CVE-2025-29812 is an elevation of privilege vulnerability in the DirectX Graphics Kernel. An attacker may exploit the vulnerability to gain SYSTEM privileges.
Information Disclosure (17)Spoofing (6)MS PT Extended: CVE-2025-25001 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-29796 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3074 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3073 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07
MS PT Extended: CVE-2025-3072 was published before April 2025 Patch Tuesday from 2025-03-12 to 2025-04-07