Report Name: Microsoft Patch Tuesday, January 2025
Generated: 2025-01-15 01:32:44

Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Active Directory Federation Server | 0.9 | 1 | 1 | Active Directory is a directory service developed by Microsoft for Windows domain networks | ||||
Microsoft Message Queuing | 0.9 | 1 | 1 | Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95 | ||||
Windows NTLM | 0.9 | 1 | 1 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity | ||||
Chromium | 0.8 | 3 | 4 | 7 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |||
GDI+ | 0.8 | 1 | 1 | GDI+ | ||||
Microsoft COM | 0.8 | 1 | 1 | COM is a platform-independent, distributed, object-oriented system for creating binary software components that can interact | ||||
Microsoft DWM Core Library | 0.8 | 1 | 1 | Windows component | ||||
Microsoft Office | 0.8 | 1 | 1 | 2 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |||
Secure Boot | 0.8 | 4 | 4 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | ||||
Windows App Package Installer | 0.8 | 1 | 1 | Windows component | ||||
Windows BitLocker | 0.8 | 2 | 2 | Windows component | ||||
Windows COM Server | 0.8 | 2 | 2 | Windows component | ||||
Windows CSC Service | 0.8 | 2 | 2 | Windows component | ||||
Windows Cloud Files Mini Filter Driver | 0.8 | 1 | 1 | Windows component | ||||
Windows Connected Devices Platform Service (Cdpsvc) | 0.8 | 1 | 1 | Windows component | ||||
Windows Cryptographic | 0.8 | 1 | 1 | Windows component | ||||
Windows Digital Media | 0.8 | 17 | 17 | Windows component | ||||
Windows Direct Show | 0.8 | 1 | 1 | Windows component | ||||
Windows Event Tracing | 0.8 | 1 | 1 | Windows component | ||||
Windows Geolocation Service | 0.8 | 1 | 1 | Windows component | ||||
Windows Graphics Component | 0.8 | 1 | 1 | Windows component | ||||
Windows HTML Platforms | 0.8 | 1 | 1 | Windows component | ||||
Windows Hyper-V NT Kernel Integration VSP | 0.8 | 3 | 3 | Windows component | ||||
Windows Installer | 0.8 | 1 | 1 | 2 | Windows component | |||
Windows Kerberos | 0.8 | 3 | 3 | Windows component | ||||
Windows Kernel Memory | 0.8 | 7 | 7 | Windows component | ||||
Windows Line Printer Daemon (LPD) Service | 0.8 | 1 | 1 | Windows component | ||||
Windows MapUrlToZone | 0.8 | 1 | 1 | Windows component | ||||
Windows NTLM V1 | 0.8 | 1 | 1 | Windows component | ||||
Windows OLE | 0.8 | 1 | 1 | Windows component | ||||
Windows PrintWorkflowUserSvc | 0.8 | 2 | 2 | Windows component | ||||
Windows Recovery Environment Agent | 0.8 | 1 | 1 | Windows component | ||||
Windows Reliable Multicast Transport Driver (RMCAST) | 0.8 | 1 | 1 | Windows component | ||||
Windows Remote Desktop Gateway (RD Gateway) | 0.8 | 2 | 2 | Windows component | ||||
Windows Remote Desktop Services | 0.8 | 2 | 2 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | ||||
Windows Remote Desktop Services Denial of Service Vulnerability | 0.8 | 1 | 1 | Windows component | ||||
Windows Search Service | 0.8 | 1 | 1 | Windows component | ||||
Windows Security Account Manager (SAM) | 0.8 | 1 | 1 | Windows component | ||||
Windows Smart Card Reader | 0.8 | 1 | 1 | Windows component | ||||
Windows SmartScreen | 0.8 | 1 | 1 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge | ||||
Windows Telephony Service | 0.8 | 28 | 28 | Windows component | ||||
Windows Themes | 0.8 | 1 | 1 | Windows component | ||||
Windows Virtual Trusted Platform Module | 0.8 | 2 | 2 | Windows component | ||||
Windows Virtualization-Based Security (VBS) | 0.8 | 1 | 1 | Windows component | ||||
Windows Virtualization-Based Security (VBS) Enclave | 0.8 | 1 | 1 | Windows component | ||||
Windows WLAN AutoConfig Service | 0.8 | 1 | 1 | Windows component | ||||
Windows Web Threat Defense User Service | 0.8 | 1 | 1 | Windows component | ||||
Windows upnphost.dll | 0.8 | 2 | 2 | Windows component | ||||
.NET | 0.7 | 3 | 3 | .NET | ||||
.NET and Visual Studio | 0.7 | 1 | 1 | .NET and Visual Studio | ||||
Internet Explorer | 0.6 | 1 | 1 | Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft | ||||
Microsoft Access | 0.6 | 3 | 3 | MS Office product | ||||
Microsoft Excel | 0.6 | 3 | 3 | MS Office product | ||||
Microsoft Office Visio | 0.6 | 2 | 2 | Microsoft Visio | ||||
Microsoft Outlook | 0.6 | 2 | 2 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites | ||||
Microsoft Word | 0.6 | 1 | 1 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | ||||
.NET, .NET Framework, and Visual Studio | 0.5 | 1 | 1 | .NET, .NET Framework, and Visual Studio | ||||
Active Directory Domain Services | 0.5 | 1 | 1 | Active Directory Domain Services | ||||
BranchCache | 0.5 | 1 | 1 | BranchCache | ||||
Defender for Endpoint | 0.5 | 1 | 1 | Product detected by a:microsoft:defender_for_endpoint (exists in CPE dict) | ||||
IP Helper | 0.5 | 1 | 1 | IP Helper | ||||
MapUrlToZone | 0.5 | 6 | 6 | MapUrlToZone | ||||
Microsoft AutoUpdate (MAU) | 0.5 | 1 | 1 | Microsoft AutoUpdate (MAU) | ||||
Microsoft Brokering File System | 0.5 | 2 | 2 | Microsoft Brokering File System | ||||
Microsoft Digest Authentication | 0.5 | 1 | 1 | Microsoft Digest Authentication | ||||
Microsoft Message Queuing (MSMQ) | 0.5 | 7 | 7 | Microsoft Message Queuing (MSMQ) | ||||
Microsoft Office OneNote | 0.5 | 1 | 1 | Microsoft Office OneNote | ||||
Microsoft Power Automate | 0.5 | 1 | 1 | Microsoft Power Automate | ||||
Microsoft SharePoint Server | 0.5 | 3 | 3 | Microsoft SharePoint Server | ||||
On-Premises Data Gateway | 0.5 | 1 | 1 | On-Premises Data Gateway | ||||
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | 0.5 | 1 | 1 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | ||||
update_catalog | 0.5 | 1 | 1 | Product detected by a:microsoft:update_catalog (does NOT exist in CPE dict) | ||||
Azure | 0.4 | 1 | 1 | Azure | ||||
Microsoft Purview | 0.3 | 1 | 1 | Microsoft Purview is a comprehensive set of solutions that can help your organization govern, protect, and manage data, wherever it lives | ||||
Visual Studio | 0.3 | 2 | 2 | Integrated development environment |

Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 39 | 22 | 61 | |||
Authentication Bypass | 0.98 | 1 | 1 | ||||
Command Injection | 0.97 | 1 | 1 | ||||
Security Feature Bypass | 0.9 | 1 | 15 | 16 | |||
Elevation of Privilege | 0.85 | 5 | 35 | 40 | |||
Information Disclosure | 0.83 | 22 | 22 | ||||
Denial of Service | 0.7 | 20 | 20 | ||||
Memory Corruption | 0.5 | 4 | 4 | ||||
Spoofing | 0.4 | 5 | 5 |

Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
MS PT Extended | 4 | 6 | 10 | |||
Qualys | 9 | 22 | 31 | |||
Tenable | 6 | 5 | 11 | |||
Rapid7 | 5 | 5 | 10 | |||
ZDI | 6 | 2 | 8 |

1. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333) - High [594]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21333, CVE-2025-21334, & CVE-2025-21335: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. Windows Hyper-V NT Kernel Integration VSP refers to the Virtualization Service Provider component within the Hyper-V virtualization platform on Windows. The tool acts as a bridge between the Hyper-V hypervisor and the Windows NT kernel, allowing seamless communication and management of virtual machines running on the host system. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
Tenable: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Tenable: CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities
Tenable: CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are EoP vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP). All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. An authenticated, local attacker could exploit this vulnerability to elevate privileges to SYSTEM. Two of the three vulnerabilities were unattributed, with CVE-2025-21333 being attributed to an Anonymous researcher.
Rapid7: Microsoft is addressing a trio of related Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerabilities today: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Microsoft is aware of exploitation in the wild for all three, as seen on both the Microsoft advisories and CISA KEV. In each case, exploitation leads to SYSTEM privileges. The advisories are short on additional detail, beyond a brief acknowledgement of Anonymous — presumably an undisclosed party, rather than the hacktivist collective — on CVE-2025-21333.
ZDI: CVE-2025-21333/CVE-2025-21334/CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. These three bugs are listed as under active attack, and all have the same description. An authenticated user could use these to execute code with SYSTEM privileges. Although not specified, I would think that if the attacker were executing code at SYSTEM on the hypervisor from a guest, the CVSS would indicate a scope change. Microsoft doesn’t list that, but I’ve disagreed with their CVSS ratings in the past. If you are running Hyper-V, make sure these patches are at the top of your list for testing and deployment.
2. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21334) - High [594]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21333, CVE-2025-21334, & CVE-2025-21335: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. Windows Hyper-V NT Kernel Integration VSP refers to the Virtualization Service Provider component within the Hyper-V virtualization platform on Windows. The tool acts as a bridge between the Hyper-V hypervisor and the Windows NT kernel, allowing seamless communication and management of virtual machines running on the host system. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
Tenable: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Tenable: CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities
Tenable: CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are EoP vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP). All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. An authenticated, local attacker could exploit this vulnerability to elevate privileges to SYSTEM. Two of the three vulnerabilities were unattributed, with CVE-2025-21333 being attributed to an Anonymous researcher.
Rapid7: Microsoft is addressing a trio of related Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerabilities today: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Microsoft is aware of exploitation in the wild for all three, as seen on both the Microsoft advisories and CISA KEV. In each case, exploitation leads to SYSTEM privileges. The advisories are short on additional detail, beyond a brief acknowledgement of Anonymous — presumably an undisclosed party, rather than the hacktivist collective — on CVE-2025-21333.
ZDI: CVE-2025-21333/CVE-2025-21334/CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. These three bugs are listed as under active attack, and all have the same description. An authenticated user could use these to execute code with SYSTEM privileges. Although not specified, I would think that if the attacker were executing code at SYSTEM on the hypervisor from a guest, the CVSS would indicate a scope change. Microsoft doesn’t list that, but I’ve disagreed with their CVSS ratings in the past. If you are running Hyper-V, make sure these patches are at the top of your list for testing and deployment.
3. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21335) - High [594]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21333, CVE-2025-21334, & CVE-2025-21335: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. Windows Hyper-V NT Kernel Integration VSP refers to the Virtualization Service Provider component within the Hyper-V virtualization platform on Windows. The tool acts as a bridge between the Hyper-V hypervisor and the Windows NT kernel, allowing seamless communication and management of virtual machines running on the host system. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
Tenable: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Tenable: CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities
Tenable: CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are EoP vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP). All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. An authenticated, local attacker could exploit this vulnerability to elevate privileges to SYSTEM. Two of the three vulnerabilities were unattributed, with CVE-2025-21333 being attributed to an Anonymous researcher.
Rapid7: Microsoft is addressing a trio of related Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerabilities today: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Microsoft is aware of exploitation in the wild for all three, as seen on both the Microsoft advisories and CISA KEV. In each case, exploitation leads to SYSTEM privileges. The advisories are short on additional detail, beyond a brief acknowledgement of Anonymous — presumably an undisclosed party, rather than the hacktivist collective — on CVE-2025-21333.
ZDI: CVE-2025-21333/CVE-2025-21334/CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. These three bugs are listed as under active attack, and all have the same description. An authenticated user could use these to execute code with SYSTEM privileges. Although not specified, I would think that if the attacker were executing code at SYSTEM on the hypervisor from a guest, the CVSS would indicate a scope change. Microsoft doesn’t list that, but I’ve disagreed with their CVSS ratings in the past. If you are running Hyper-V, make sure these patches are at the top of your list for testing and deployment.
4. Security Feature Bypass - update_catalog (CVE-2024-49147) - High [503]
Description: Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | Product detected by a:microsoft:update_catalog (does NOT exist in CPE dict) | |
0.9 | 10 | CVSS Base Score is 9.3. According to Microsoft data source | |
0.6 | 10 | EPSS Probability is 0.00208, EPSS Percentile is 0.58654 |
MS PT Extended: CVE-2024-49147 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
5. Elevation of Privilege - Windows Installer (CVE-2025-21287) - High [501]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
6. Authentication Bypass - Azure (CVE-2025-21380) - High [453]
Description: Improper access control in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
0.98 | 15 | Authentication Bypass | |
0.4 | 14 | Azure | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.21243 |
MS PT Extended: CVE-2025-21380 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
7. Remote Code Execution - Chromium (CVE-2024-12695) - High [430]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.112 |
MS PT Extended: CVE-2024-12695 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
8. Remote Code Execution - Windows OLE (CVE-2025-21298) - High [430]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21298: Windows OLE Remote Code Execution Vulnerability. Object Linking and Embedding (OLE) is a Microsoft Windows standard that allows users to create and edit documents that contain objects from multiple applications. An attacker may exploit the vulnerability in an email attack scenario by sending a specially crafted email to the victim. The victim must open a specially crafted email with an affected Microsoft Outlook software version for successful exploitation. Upon successful exploitation, an attacker can achieve remote code execution on the victim’s machine.
Tenable: CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability
Tenable: CVE-2025-21298 is a RCE vulnerability in Microsoft Windows Object Linking and Embedding (OLE). It was assigned a CVSSv3 score of 9.8 and is rated critical. It has been assessed as “Exploitation More Likely.” An attacker could exploit this vulnerability by sending a specially crafted email to a target. Successful exploitation would lead to remote code execution on the target system if the target opens this email using a vulnerable version of Microsoft Outlook or if their software is able to preview the email through a preview pane.
Rapid7: Outlook admins who force their users to read emails in plain text only can skip this paragraph, but everyone else should be aware of CVE-2025-21298, a Windows Object Linking and Embedding (OLE) critical RCE with a CVSSv3 base score of 9.8. The eternal threat of the malicious inbound email finds expression again here; just previewing the wrong email in Outlook is all it takes for an attacker to achieve code execution in the context of the user. All versions of Windows receive a patch.
ZDI: CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability. This bug rates a CVSS 9.8 and allows a remote attacker to execute code on a target system by sending a specially crafted mail to an affected system with Outlook. Fortunately, the preview pane is not an attack vector, but previewing an attachment could trigger the code execution. The specific flaw exists within the parsing of RTF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. As a mitigation, you can set Outlook to read all standard mail as plain text, but users will likely revolt against such a setting. The best option is to test and deploy this patch quickly.
9. Remote Code Execution - Windows Reliable Multicast Transport Driver (RMCAST) (CVE-2025-21307) - High [430]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21307: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability. The Windows Reliable Multicast Transport Driver (RMCAST) is a component within the Windows operating system that enables reliable multicast data transmission. An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server without any interaction from the user.
Rapid7: Microsoft’s in-house research teams are a reliable source of vulnerability discovery in Microsoft products, and today we get patches for the self-discovered CVE-2025-21307, a critical RCE in the Windows Reliable Multicast Transport Driver (RMCAST) with a CVSSv3 base score of 9.8. The vulnerability is only exploitable on a system where a program is listening on a Pragmatic General Multicast (PGM) port.
Rapid7: Given the lack of required user interaction and remote attack vector for CVE-2025-21307, it’s well worth asking yourself: does our firewall allow a PGM receiver to receive inbound traffic from the public internet? If so, the second-best time to prevent that is right now.
10. Remote Code Execution - Chromium (CVE-2024-12693) - High [419]
Description: Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.8 | 10 | CVSS Base Score is 8.0. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.112 |
MS PT Extended: CVE-2024-12693 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
11. Remote Code Execution - Chromium (CVE-2025-0291) - High [419]
Description: Type Confusion in V8 in Google Chrome prior to 131.0.6778.264
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.8 | 10 | CVSS Base Score is 8.3. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.112 |
12. Remote Code Execution - Windows Direct Show (CVE-2025-21291) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
13. Remote Code Execution - Windows Telephony Service (CVE-2025-21223) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
14. Remote Code Execution - Windows Telephony Service (CVE-2025-21233) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
15. Remote Code Execution - Windows Telephony Service (CVE-2025-21236) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
16. Remote Code Execution - Windows Telephony Service (CVE-2025-21237) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
17. Remote Code Execution - Windows Telephony Service (CVE-2025-21238) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
18. Remote Code Execution - Windows Telephony Service (CVE-2025-21239) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
19. Remote Code Execution - Windows Telephony Service (CVE-2025-21240) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
20. Remote Code Execution - Windows Telephony Service (CVE-2025-21241) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
21. Remote Code Execution - Windows Telephony Service (CVE-2025-21243) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
22. Remote Code Execution - Windows Telephony Service (CVE-2025-21244) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
23. Remote Code Execution - Windows Telephony Service (CVE-2025-21245) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
24. Remote Code Execution - Windows Telephony Service (CVE-2025-21246) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
25. Remote Code Execution - Windows Telephony Service (CVE-2025-21248) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
26. Remote Code Execution - Windows Telephony Service (CVE-2025-21250) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
27. Remote Code Execution - Windows Telephony Service (CVE-2025-21252) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
28. Remote Code Execution - Windows Telephony Service (CVE-2025-21266) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
29. Remote Code Execution - Windows Telephony Service (CVE-2025-21273) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
30. Remote Code Execution - Windows Telephony Service (CVE-2025-21282) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
31. Remote Code Execution - Windows Telephony Service (CVE-2025-21286) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
32. Remote Code Execution - Windows Telephony Service (CVE-2025-21302) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
33. Remote Code Execution - Windows Telephony Service (CVE-2025-21303) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
34. Remote Code Execution - Windows Telephony Service (CVE-2025-21305) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
35. Remote Code Execution - Windows Telephony Service (CVE-2025-21306) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
36. Remote Code Execution - Windows Telephony Service (CVE-2025-21339) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
37. Remote Code Execution - Windows Telephony Service (CVE-2025-21409) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
38. Remote Code Execution - Windows Telephony Service (CVE-2025-21411) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
39. Remote Code Execution - Windows Telephony Service (CVE-2025-21413) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
40. Remote Code Execution - Windows Telephony Service (CVE-2025-21417) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
41. Remote Code Execution - GDI+ (CVE-2025-21338) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | GDI+ | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
42. Remote Code Execution - Microsoft Office (CVE-2025-21365) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights
Qualys: CVE-2025-21210 is an information disclosure vulnerability in Windows BitLocker. Successful exploitation of the vulnerability could allow an attacker to disclose unencrypted hibernation images in cleartext. CVE-2025-21268, CVE-2025-21219, CVE-2025-21189, CVE-2025-21328, & CVE-2025-21329 are security feature bypass vulnerabilities in MapUrlToZone. Upon successful exploitation, an attacker could bypass the MapURLToZone method to view some sensitive information. CVE-2025-21269 is a security feature bypass vulnerability in Windows HTML Platforms. Successful exploitation of the vulnerability could allow an attacker to view some sensitive information. CVE-2025-21292 is an elevation of privilege vulnerability in Windows Search Service. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges. CVE-2025-21299 is a security feature bypass vulnerability in Windows Kerberos. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. CVE-2025-21314 is a spoofing vulnerability in Windows SmartScreen. To successfully exploit the vulnerability, an attacker must send the victim a malicious file that the victim would have to execute. CVE-2025-21315 is an elevation of privilege vulnerability in the Microsoft Brokering File System. Upon successful exploitation, an attacker could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability. CVE-2025-21364 is a security feature bypass vulnerability in Microsoft Excel. Successful exploitation of the vulnerability may allow an attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution.
43. Remote Code Execution - Windows Line Printer Daemon (LPD) Service (CVE-2025-21224) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
44. Remote Code Execution - Windows Remote Desktop Services (CVE-2025-21297) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21297 & CVE-2025-21309: Windows Remote Desktop Services Remote Code Execution Vulnerability
Qualys: Windows Remote Desktop Services (RDS) is a Microsoft feature that allows users to access and control a remote computer’s desktop and applications over a network connection. An attacker must win a race condition to exploit the vulnerabilities. An attacker could exploit these vulnerabilities by connecting to a system with the Remote Desktop Gateway role. Then, it would trigger the race condition to create a use-after-free scenario, ultimately leading to arbitrary code execution.
Tenable: CVE-2025-21297, CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-21297 and CVE-2025-21309 are critical RCE vulnerabilities affecting Windows Remote Desktop Services. Both of these vulnerabilities were assigned CVSSv3 scores of 8.1; however, CVE-2025-21309 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index, while CVE-2025-21297 was assessed as “Exploitation Less Likely.”
ZDI: CVE-2025-21297/CVE-2025-21309 - Windows Remote Desktop Services Remote Code Execution Vulnerability. Both of these bugs allow arbitrary code execution on affected Remote Desktop Gateway servers from remote, unauthenticated attackers. They just need to connect to the server and trigger a race condition to create a use-after-free bug. While race conditions are somewhat tricky to exploit, we see them used at Pwn2Own frequently. Considering that exploiting this requires no user interaction, I would prioritize this patch, especially if you have these gateways exposed to the Internet.
45. Remote Code Execution - Windows Remote Desktop Services (CVE-2025-21309) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21297 & CVE-2025-21309: Windows Remote Desktop Services Remote Code Execution Vulnerability
Qualys: Windows Remote Desktop Services (RDS) is a Microsoft feature that allows users to access and control a remote computer’s desktop and applications over a network connection. An attacker must win a race condition to exploit the vulnerabilities. An attacker could exploit these vulnerabilities by connecting to a system with the Remote Desktop Gateway role. Then, it would trigger the race condition to create a use-after-free scenario, ultimately leading to arbitrary code execution.
Tenable: CVE-2025-21297, CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-21297 and CVE-2025-21309 are critical RCE vulnerabilities affecting Windows Remote Desktop Services. Both of these vulnerabilities were assigned CVSSv3 scores of 8.1; however, CVE-2025-21309 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index, while CVE-2025-21297 was assessed as “Exploitation Less Likely.”
ZDI: CVE-2025-21297/CVE-2025-21309 - Windows Remote Desktop Services Remote Code Execution Vulnerability. Both of these bugs allow arbitrary code execution on affected Remote Desktop Gateway servers from remote, unauthenticated attackers. They just need to connect to the server and trigger a race condition to create a use-after-free bug. While race conditions are somewhat tricky to exploit, we see them used at Pwn2Own frequently. Considering that exploiting this requires no user interaction, I would prioritize this patch, especially if you have these gateways exposed to the Internet.
46. Elevation of Privilege - Windows NTLM V1 (CVE-2025-21311) - High [404]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21311: Windows NTLM V1 Elevation of Privilege Vulnerability
Qualys: Windows NTLM V1 (NT LAN Manager Version 1) is a Microsoft authentication protocol used for network logins on Windows systems. Successful exploitation of the vulnerability could allow an attacker to escalate privileges.
47. Information Disclosure - Microsoft Message Queuing (CVE-2025-21220) - Medium [393]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95 | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
48. Elevation of Privilege - Windows Search Service (CVE-2025-21292) - Medium [392]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights
Qualys: CVE-2025-21210 is an information disclosure vulnerability in Windows BitLocker. Successful exploitation of the vulnerability could allow an attacker to disclose unencrypted hibernation images in cleartext. CVE-2025-21268, CVE-2025-21219, CVE-2025-21189, CVE-2025-21328, & CVE-2025-21329 are security feature bypass vulnerabilities in MapUrlToZone. Upon successful exploitation, an attacker could bypass the MapURLToZone method to view some sensitive information. CVE-2025-21269 is a security feature bypass vulnerability in Windows HTML Platforms. Successful exploitation of the vulnerability could allow an attacker to view some sensitive information. CVE-2025-21292 is an elevation of privilege vulnerability in Windows Search Service. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges. CVE-2025-21299 is a security feature bypass vulnerability in Windows Kerberos. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. CVE-2025-21314 is a spoofing vulnerability in Windows SmartScreen. To successfully exploit the vulnerability, an attacker must send the victim a malicious file that the victim would have to execute. CVE-2025-21315 is an elevation of privilege vulnerability in the Microsoft Brokering File System. Upon successful exploitation, an attacker could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability. CVE-2025-21364 is a security feature bypass vulnerability in Microsoft Excel. Successful exploitation of the vulnerability may allow an attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution.
49. Remote Code Execution - .NET (CVE-2025-21171) - Medium [390]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | .NET | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
50. Remote Code Execution - .NET and Visual Studio (CVE-2025-21172) - Medium [390]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | .NET and Visual Studio | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
51. Elevation of Privilege - Microsoft COM (CVE-2025-21281) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | COM is a platform-independent, distributed, object-oriented system for creating binary software components that can interact | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
52. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-21304) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
53. Elevation of Privilege - Windows App Package Installer (CVE-2025-21275) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability
Qualys: A Windows App Package Installer, often called App Installer, is a built-in component of the Windows operating system that allows users to install applications easily. An attacker could gain SYSTEM privileges upon successful exploitation of the vulnerability.
Tenable: CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability
Tenable: CVE-2025-21275 is an EoP vulnerability in the Microsoft Windows App Package Installer. It was assigned a CVSSv3 score of 7.8 and is rated important. A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. These types of flaws are often associated with post-compromise activity, after an attacker has breached a system through other means.
Rapid7: Installing or updating software often requires elevated privileges, and researchers and threat actors have known this for a long time. The advisory for CVE-2025-21275 doesn’t weigh us down with lengthy explanations, it simply says that successful exploitation leads to SYSTEM privileges. Microsoft is aware of public disclosure of this vulnerability, but not in-the-wild exploitation.
Rapid7: CVE-2025-21275 is the latest in a long line of Windows Installer elevation of privilege vulnerabilities; Microsoft has now published 37 Windows Installer elevation of privilege vulnerabilities in total since the start of 2020, although only five of those have been zero-days, with only CVE-2024-38014 known by Microsoft to have been exploited prior to publication in September 2024.
54. Elevation of Privilege - Windows CSC Service (CVE-2025-21378) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
55. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2025-21271) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
56. Elevation of Privilege - Windows Graphics Component (CVE-2025-21382) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
57. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-21234) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
58. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-21235) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
59. Elevation of Privilege - Windows Virtualization-Based Security (VBS) Enclave (CVE-2025-21370) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
60. Security Feature Bypass - Microsoft Office (CVE-2025-21346) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
61. Security Feature Bypass - Secure Boot (CVE-2024-7344) - Medium [377]
Description: Microsoft: Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass. This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability. NVD: Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
62. Security Feature Bypass - Secure Boot (CVE-2025-21211) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
63. Security Feature Bypass - Windows Kerberos (CVE-2025-21299) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights. CVE-2025-21210 is an information disclosure vulnerability in Windows BitLocker. Successful exploitation of the vulnerability could allow an attacker to disclose unencrypted hibernation images in cleartext. CVE-2025-21268, CVE-2025-21219, CVE-2025-21189, CVE-2025-21328, & CVE-2025-21329 are security feature bypass vulnerabilities in MapUrlToZone. Upon successful exploitation, an attacker could bypass the MapURLToZone method to view some sensitive information. CVE-2025-21269 is a security feature bypass vulnerability in Windows HTML Platforms. Successful exploitation of the vulnerability could allow an attacker to view some sensitive information. CVE-2025-21292 is an elevation of privilege vulnerability in Windows Search Service. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges. CVE-2025-21299 is a security feature bypass vulnerability in Windows Kerberos. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. CVE-2025-21314 is a spoofing vulnerability in Windows SmartScreen. To successfully exploit the vulnerability, an attacker must send the victim a malicious file that the victim would have to execute. CVE-2025-21315 is an elevation of privilege vulnerability in the Microsoft Brokering File System. Upon successful exploitation, an attacker could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability. CVE-2025-21364 is a security feature bypass vulnerability in Microsoft Excel. Successful exploitation of the vulnerability may allow an attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution.
64. Information Disclosure - Windows Web Threat Defense User Service (CVE-2025-21343) - Medium [376]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
65. Remote Code Execution - Internet Explorer (CVE-2025-21326) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
66. Remote Code Execution - Microsoft Access (CVE-2025-21186) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21366, CVE-2025-21395, & CVE-2025-21186: Microsoft Access Remote Code Execution Vulnerability. Microsoft Access is a database management system (DBMS) that helps users store, organize, and analyze data. Microsoft Access stores data in its format, or it can import or link to data from other applications. Microsoft addressed the vulnerabilities by blocking access to the following extensions: accdb, accde, accdw, accdt, accda, accdr, accdu.
Tenable: CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability
Tenable: CVE-2025-21186, CVE-2025-21366 and CVE-2025-21395 are RCE vulnerabilities in Microsoft Access, a database management system. All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. A remote, unauthenticated attacker could exploit this vulnerability by convincing a target through social engineering to download and open a malicious file. Successful exploitation would grant an attacker arbitrary code execution privileges on the vulnerable system. This update “blocks potentially malicious extensions from being sent in an email.”
Rapid7: Today sees the publication of three very similar zero-day Microsoft Access vulnerabilities: CVE-2025-21366, CVE-2025-21395, and CVE-2025-21186. In each case, Microsoft notes public disclosure, but does not claim evidence of exploitation in the wild. Successful exploitation leads to code execution via heap-based buffer overflow, and requires that an attacker convince the user to download and open a malicious file.
67. Remote Code Execution - Microsoft Access (CVE-2025-21366) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
68. Remote Code Execution - Microsoft Access (CVE-2025-21395) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
69. Remote Code Execution - Microsoft Excel (CVE-2025-21354) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21354 & CVE-2025-21362: Microsoft Excel Remote Code Execution Vulnerability. Microsoft Excel is a spreadsheet program that helps users organize and analyze data. It’s available on Windows, macOS, Android, iOS, and iPadOS. Successful exploitation of the vulnerability could allow an attacker to achieve remote code execution of vulnerable targets.
70. Remote Code Execution - Microsoft Excel (CVE-2025-21362) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
71. Remote Code Execution - Microsoft Office Visio (CVE-2025-21345) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Visio | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
72. Remote Code Execution - Microsoft Office Visio (CVE-2025-21356) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Visio | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
73. Remote Code Execution - Microsoft Outlook (CVE-2025-21361) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
74. Remote Code Execution - Microsoft Word (CVE-2025-21363) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
75. Security Feature Bypass - MapUrlToZone (CVE-2025-21189) - Medium [372]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | MapUrlToZone | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
76. Security Feature Bypass - MapUrlToZone (CVE-2025-21268) - Medium [372]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | MapUrlToZone | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
77. Remote Code Execution - .NET, .NET Framework, and Visual Studio (CVE-2025-21176) - Medium [369]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | .NET, .NET Framework, and Visual Studio | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
78. Elevation of Privilege - Windows Digital Media (CVE-2025-21226) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
79. Elevation of Privilege - Windows Digital Media (CVE-2025-21227) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
80. Elevation of Privilege - Windows Digital Media (CVE-2025-21228) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
81. Elevation of Privilege - Windows Digital Media (CVE-2025-21229) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
82. Elevation of Privilege - Windows Digital Media (CVE-2025-21232) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
83. Elevation of Privilege - Windows Digital Media (CVE-2025-21249) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
84. Elevation of Privilege - Windows Digital Media (CVE-2025-21255) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
85. Elevation of Privilege - Windows Digital Media (CVE-2025-21256) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
86. Elevation of Privilege - Windows Digital Media (CVE-2025-21258) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
87. Elevation of Privilege - Windows Digital Media (CVE-2025-21260) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
88. Elevation of Privilege - Windows Digital Media (CVE-2025-21261) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
89. Elevation of Privilege - Windows Digital Media (CVE-2025-21263) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
90. Elevation of Privilege - Windows Digital Media (CVE-2025-21265) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
91. Elevation of Privilege - Windows Digital Media (CVE-2025-21310) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
92. Elevation of Privilege - Windows Digital Media (CVE-2025-21324) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
93. Elevation of Privilege - Windows Digital Media (CVE-2025-21327) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
94. Elevation of Privilege - Windows Digital Media (CVE-2025-21341) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
95. Elevation of Privilege - Windows Installer (CVE-2025-21331) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
96. Memory Corruption - Chromium (CVE-2024-12381) - Medium [365]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.28322 |
MS PT Extended: CVE-2024-12381 was published before the January 2025 Patch Tuesday, in the period from 2024-12-11 to 2025-01-13
97. Memory Corruption - Chromium (CVE-2024-12382) - Medium [365]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00061, EPSS Percentile is 0.28322 |
MS PT Extended: CVE-2024-12382 was published before the January 2025 Patch Tuesday, in the period from 2024-12-11 to 2025-01-13
98. Security Feature Bypass - Windows Virtualization-Based Security (VBS) (CVE-2025-21340) - Medium [365]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
99. Information Disclosure - Windows COM Server (CVE-2025-21272) - Medium [364]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
100. Information Disclosure - Windows COM Server (CVE-2025-21288) - Medium [364]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
101. Information Disclosure - Windows Geolocation Service (CVE-2025-21301) - Medium [364]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
102. Remote Code Execution - Microsoft Outlook (CVE-2025-21357) - Medium [361]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites | |
0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
103. Remote Code Execution - BranchCache (CVE-2025-21296) - Medium [357]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | BranchCache | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21296: BranchCache Remote Code Execution Vulnerability. BranchCache is a Windows feature that optimizes wide area network (WAN) bandwidth by caching content on local computers in branch offices. An attacker must win a race condition to exploit the vulnerability.
104. Remote Code Execution - Microsoft Digest Authentication (CVE-2025-21294) - Medium [357]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft Digest Authentication | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21294: Microsoft Digest Authentication Remote Code Execution Vulnerability. Microsoft Digest Authentication is a security mechanism that uses a challenge-response protocol to verify user credentials without sending the actual password in plain text over the network. An attacker must win a race condition to exploit the vulnerability. An attacker could exploit this vulnerability by connecting to a system that requires digest authentication. This will trigger the race condition to create a use-after-free scenario, leading to arbitrary code execution.
105. Remote Code Execution - Microsoft Office OneNote (CVE-2025-21402) - Medium [357]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft Office OneNote | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
106. Remote Code Execution - Microsoft Power Automate (CVE-2025-21187) - Medium [357]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft Power Automate | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
107. Remote Code Execution - Microsoft SharePoint Server (CVE-2025-21344) - Medium [357]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft SharePoint Server | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
108. Remote Code Execution - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism (CVE-2025-21295) - Medium [357]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21295: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability. SPNEGO Extended Negotiation (NEGOEX) is a security mechanism that extends the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) capabilities. The mechanism allows clients and servers to negotiate a standard authentication protocol based on additional metadata like trust configurations. An attacker must manipulate system operations in a specific manner to exploit the vulnerability. Upon successful exploitation, an attacker could achieve remote code execution without user interaction.
ZDI: CVE-2025-21295 - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability. Besides being a mouthful of a title, this bug impacts a security mechanism, which is never a good sign. It allows remote, unauthenticated attackers to execute code on an affected system without user interaction. The only good news is that there are some barriers to exploitation, but I wouldn’t rely on that fact. I would also consider this a Scope Change, but that’s splitting hairs at this point. Even if you don’t rely on the negotiation mechanism, I wouldn’t wait to test and deploy this patch.
109. Elevation of Privilege - Windows Recovery Environment Agent (CVE-2025-21202) - Medium [356]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 6.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
110. Security Feature Bypass - Microsoft Excel (CVE-2025-21364) - Medium [355]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights
- CVE-2025-21210 is an information disclosure vulnerability in Windows BitLocker. Successful exploitation of the vulnerability could allow an attacker to disclose unencrypted hibernation images in cleartext.
- CVE-2025-21268, CVE-2025-21219, CVE-2025-21189, CVE-2025-21328, & CVE-2025-21329 are security feature bypass vulnerabilities in MapUrlToZone. Upon successful exploitation, an attacker could bypass the MapURLToZone method to view some sensitive information.
- CVE-2025-21269 is a security feature bypass vulnerability in Windows HTML Platforms. Successful exploitation of the vulnerability could allow an attacker to view some sensitive information.
- CVE-2025-21292 is an elevation of privilege vulnerability in Windows Search Service. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
- CVE-2025-21299 is a security feature bypass vulnerability in Windows Kerberos. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender Credential Guard Feature to leak Kerberos Credential.
- CVE-2025-21314 is a spoofing vulnerability in Windows SmartScreen. To successfully exploit the vulnerability, an attacker must send the victim a malicious file that the victim would have to execute.
- CVE-2025-21315 is an elevation of privilege vulnerability in the Microsoft Brokering File System. Upon successful exploitation, an attacker could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability.
- CVE-2025-21364 is a security feature bypass vulnerability in Microsoft Excel. Successful exploitation of the vulnerability may allow an attacker to bypass Office macro policies used to block untrusted or malicious files.
- CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution.
111. Command Injection - Microsoft Purview (CVE-2025-21385) - Medium [354]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.3 | 14 | Microsoft Purview is a comprehensive set of solutions that can help your organization govern, protect, and manage data, wherever it lives | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.21243 |
MS PT Extended: CVE-2025-21385 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
112. Denial of Service - Windows Connected Devices Platform Service (Cdpsvc) (CVE-2025-21207) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
113. Denial of Service - Windows Kerberos (CVE-2025-21218) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
114. Denial of Service - Windows MapUrlToZone (CVE-2025-21276) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
115. Denial of Service - Windows Remote Desktop Services Denial of Service Vulnerability (CVE-2025-21330) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
116. Denial of Service - Windows upnphost.dll (CVE-2025-21300) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
117. Denial of Service - Windows upnphost.dll (CVE-2025-21389) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
118. Security Feature Bypass - Secure Boot (CVE-2025-21213) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
0.5 | 10 | CVSS Base Score is 4.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
119. Security Feature Bypass - Secure Boot (CVE-2025-21215) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
0.5 | 10 | CVSS Base Score is 4.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
120. Information Disclosure - Windows CSC Service (CVE-2025-21374) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
121. Information Disclosure - Windows Cryptographic (CVE-2025-21336) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
122. Information Disclosure - Windows Kerberos (CVE-2025-21242) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
123. Information Disclosure - Windows Kernel Memory (CVE-2025-21316) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
124. Information Disclosure - Windows Kernel Memory (CVE-2025-21317) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
125. Information Disclosure - Windows Kernel Memory (CVE-2025-21318) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
126. Information Disclosure - Windows Kernel Memory (CVE-2025-21319) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
127. Information Disclosure - Windows Kernel Memory (CVE-2025-21320) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
128. Information Disclosure - Windows Kernel Memory (CVE-2025-21321) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
129. Information Disclosure - Windows Kernel Memory (CVE-2025-21323) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
130. Information Disclosure - Windows WLAN AutoConfig Service (CVE-2025-21257) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
131. Elevation of Privilege - .NET (CVE-2025-21173) - Medium [351]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.7 | 14 | .NET | |
0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
132. Information Disclosure - Defender for Endpoint (CVE-2024-49071) - Medium [350]
Description: Windows Defender Information Disclosure Vulnerability. Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Product detected by a:microsoft:defender_for_endpoint (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0.3 | 10 | EPSS Probability is 0.00063, EPSS Percentile is 0.29495 |
MS PT Extended: CVE-2024-49071 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
133. Information Disclosure - .NET (CVE-2024-50338) - Medium [348]
Description: Git Credential Manager (GCM) is a secure Git credential helper built on
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.7 | 14 | .NET | |
0.7 | 10 | CVSS Base Score is 7.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
134. Remote Code Execution - Microsoft SharePoint Server (CVE-2025-21348) - Medium [345]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft SharePoint Server | |
0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
135. Elevation of Privilege - Active Directory Domain Services (CVE-2025-21293) - Medium [342]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Active Directory Domain Services | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
136. Denial of Service - Windows Security Account Manager (SAM) (CVE-2025-21313) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
137. Memory Corruption - Chromium (CVE-2024-12692) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.112 |
MS PT Extended: CVE-2024-12692 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
138. Memory Corruption - Chromium (CVE-2024-12694) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.112 |
MS PT Extended: CVE-2024-12694 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
139. Security Feature Bypass - Windows HTML Platforms (CVE-2025-21269) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
140. Remote Code Execution - Visual Studio (CVE-2025-21178) - Medium [335]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
141. Elevation of Privilege - Microsoft AutoUpdate (MAU) (CVE-2025-21360) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Microsoft AutoUpdate (MAU) | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
142. Elevation of Privilege - Microsoft Brokering File System (CVE-2025-21315) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Microsoft Brokering File System | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
143. Elevation of Privilege - Microsoft Brokering File System (CVE-2025-21372) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Microsoft Brokering File System | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
144. Denial of Service - Windows Event Tracing (CVE-2025-21274) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
145. Denial of Service - Windows Remote Desktop Gateway (RD Gateway) (CVE-2025-21225) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
146. Denial of Service - Windows Remote Desktop Gateway (RD Gateway) (CVE-2025-21278) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
147. Denial of Service - Windows Virtual Trusted Platform Module (CVE-2025-21280) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
148. Denial of Service - Windows Virtual Trusted Platform Module (CVE-2025-21284) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
149. Information Disclosure - Windows BitLocker (CVE-2025-21210) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.4 | 10 | CVSS Base Score is 4.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
150. Information Disclosure - Windows BitLocker (CVE-2025-21214) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.4 | 10 | CVSS Base Score is 4.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
151. Information Disclosure - Windows Smart Card Reader (CVE-2025-21312) - Medium [305]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.2 | 10 | CVSS Base Score is 2.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
152. Spoofing - Active Directory Federation Server (CVE-2025-21193) - Medium [304]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
153. Spoofing - Windows NTLM (CVE-2025-21217) - Medium [304]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.9 | 14 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
154. Denial of Service - IP Helper (CVE-2025-21231) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | IP Helper | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
155. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21230) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
156. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21251) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
157. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21270) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
158. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21277) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
159. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21285) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
160. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21289) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
161. Denial of Service - Microsoft Message Queuing (MSMQ) (CVE-2025-21290) - Medium [303]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
162. Information Disclosure - On-Premises Data Gateway (CVE-2025-21403) - Medium [302]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | On-Premises Data Gateway | |
0.6 | 10 | CVSS Base Score is 6.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
163. Security Feature Bypass - MapUrlToZone (CVE-2025-21219) - Medium [291]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | MapUrlToZone | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
164. Security Feature Bypass - MapUrlToZone (CVE-2025-21328) - Medium [291]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | MapUrlToZone | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
165. Security Feature Bypass - MapUrlToZone (CVE-2025-21329) - Medium [291]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | MapUrlToZone | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
166. Security Feature Bypass - MapUrlToZone (CVE-2025-21332) - Medium [291]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | MapUrlToZone | |
0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
167. Spoofing - Windows SmartScreen (CVE-2025-21314) - Medium [288]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
168. Spoofing - Windows Themes (CVE-2025-21308) - Medium [288]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21308: Windows Themes Spoofing Vulnerability. Windows themes are a combination of colors, sounds, and pictures that you can use to personalize your Windows PC. Successful exploitation of the vulnerability requires an attacker to convince the user to load a malicious file onto a vulnerable system.
Tenable: CVE-2025-21308 | Windows Themes Spoofing Vulnerability
Tenable: CVE-2025-21308 is a spoofing vulnerability affecting Windows Themes. This vulnerability received a CVSSv3 score of 6.5 and was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation requires an attacker to convince a user to load a malicious file, then convince the user to “manipulate the specially crafted file.” Microsoft has provided a list of mitigations including disabling New Technology LAN Manager (NTLM) or using group policy to block NTLM hashes. For more information on the mitigation guidance, please refer to the Microsoft advisory.
Rapid7: Many enterprise users or even admins may not think about Windows Themes very often, but consider CVE-2025-21308: a spoofing vulnerability where successful exploitation leads to improper disclosure of an NTLM hash, which allows an attacker to impersonate the user from whom it was acquired. Microsoft does not have evidence of in-the-wild exploitation, but does note public disclosure.
Rapid7: On the advisory for CVE-2025-21308, Microsoft does link to documents describing a mitigation technique: restricting NTLM traffic. This is certainly worth a look, since a representative of reporting research organization 0patch has confirmed that NTLMv2 is affected by CVE-2025-21308.
ZDI: CVE-2025-21308 - Windows Themes Spoofing Vulnerability. This is one of the five publicly known vulnerabilities receiving fixes this month, and for a change, we know where this one is exposed publicly. It turns out that a previous patch (CVE-2024-38030) could be bypassed. The spoofing component here is NTLM credential relaying. Consequently, systems with NTLM restricted are less likely to be exploited. At a minimum, you should be restricting outbound NTLM traffic to remote servers. Fortunately, Microsoft provides guidance on setting this up. Enable those restrictions then patch your systems.
169. Elevation of Privilege - Visual Studio (CVE-2025-21405) - Medium [285]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.3 | 14 | Integrated development environment | |
0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
170. Spoofing - Microsoft SharePoint Server (CVE-2025-21393) - Medium [226]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.5 | 14 | Microsoft SharePoint Server | |
0.6 | 10 | CVSS Base Score is 6.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-21333, CVE-2025-21334, & CVE-2025-21335: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. Windows Hyper-V NT Kernel Integration VSP refers to the Virtualization Service Provider component within the Hyper-V virtualization platform on Windows. The tool acts as a bridge between the Hyper-V hypervisor and the Windows NT kernel, allowing seamless communication and management of virtual machines running on the host system. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
Tenable: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Tenable: CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities
Tenable: CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are EoP vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP). All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. An authenticated, local attacker could exploit this vulnerability to elevate privileges to SYSTEM. Two of the three vulnerabilities were unattributed, with CVE-2025-21333 being attributed to an Anonymous researcher.
Rapid7: Microsoft is addressing a trio of related Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerabilities today: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Microsoft is aware of exploitation in the wild for all three, as seen on both the Microsoft advisories and CISA KEV. In each case, exploitation leads to SYSTEM privileges. The advisories are short on additional detail, beyond a brief acknowledgement of Anonymous — presumably an undisclosed party, rather than the hacktivist collective — on CVE-2025-21333.
ZDI: CVE-2025-21333/CVE-2025-21334/CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability. These three bugs are listed as under active attack, and all have the same description. An authenticated user could use these to execute code with SYSTEM privileges. Although not specified, I would think that if the attacker were executing code at SYSTEM on the hypervisor from a guest, the CVSS would indicate a scope change. Microsoft doesn’t list that, but I’ve disagreed with their CVSS ratings in the past. If you are running Hyper-V, make sure these patches are at the top of your list for testing and deployment.
MS PT Extended: CVE-2024-49147 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
Qualys: Other Microsoft Vulnerability Highlights: CVE-2025-21210 is an information disclosure vulnerability in Windows BitLocker. Successful exploitation of the vulnerability could allow an attacker to disclose unencrypted hibernation images in cleartext. CVE-2025-21268, CVE-2025-21219, CVE-2025-21189, CVE-2025-21328, & CVE-2025-21329 are security feature bypass vulnerabilities in MapUrlToZone. Upon successful exploitation, an attacker could bypass the MapURLToZone method to view some sensitive information. CVE-2025-21269 is a security feature bypass vulnerability in Windows HTML Platforms. Successful exploitation of the vulnerability could allow an attacker to view some sensitive information. CVE-2025-21292 is an elevation of privilege vulnerability in Windows Search Service. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges. CVE-2025-21299 is a security feature bypass vulnerability in Windows Kerberos. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. CVE-2025-21314 is a spoofing vulnerability in Windows SmartScreen. To successfully exploit the vulnerability, an attacker must send the victim a malicious file that the victim would have to execute. CVE-2025-21315 is an elevation of privilege vulnerability in the Microsoft Brokering File System. Upon successful exploitation, an attacker could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability. CVE-2025-21364 is a security feature bypass vulnerability in Microsoft Excel. Successful exploitation of the vulnerability may allow an attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution.
Qualys: CVE-2025-21311: Windows NTLM V1 Elevation of Privilege Vulnerability. Windows NTLM V1 (NT LAN Manager Version 1) is a Microsoft authentication protocol used for network logins on Windows systems. Successful exploitation of the vulnerability could allow an attacker to escalate privileges.
Qualys: CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability. A Windows App Package Installer, often called App Installer, is a built-in component of the Windows operating system that allows users to install applications easily. An attacker could gain SYSTEM privileges upon successful exploitation of the vulnerability.
Tenable: CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability
Tenable: CVE-2025-21275 is an EoP vulnerability in the Microsoft Windows App Package Installer. It was assigned a CVSSv3 score of 7.8 and is rated important. A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. These types of flaws are often associated with post-compromise activity, after an attacker has breached a system through other means.
Rapid7: Installing or updating software often requires elevated privileges, and researchers and threat actors have known this for a long time. The advisory for CVE-2025-21275 doesn’t weigh us down with lengthy explanations, it simply says that successful exploitation leads to SYSTEM privileges. Microsoft is aware of public disclosure of this vulnerability, but not in-the-wild exploitation.
Rapid7: CVE-2025-21275 is the latest in a long line of Windows Installer elevation of privilege vulnerabilities; Microsoft has now published 37 Windows Installer elevation of privilege vulnerabilities in total since the start of 2020, although only five of those have been zero-days, with only CVE-2024-38014 known by Microsoft to have been exploited prior to publication in September 2024.
MS PT Extended: CVE-2025-21380 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2024-12693 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2024-12695 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
Qualys: CVE-2025-21298: Windows OLE Remote Code Execution Vulnerability. Object Linking and Embedding (OLE) is a Microsoft Windows standard that allows users to create and edit documents that contain objects from multiple applications. An attacker may exploit the vulnerability in an email attack scenario by sending a specially crafted email to the victim. The victim must open a specially crafted email with an affected Microsoft Outlook software version for successful exploitation. Upon successful exploitation, an attacker can achieve remote code execution on the victim’s machine.
Tenable: CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability
Tenable: CVE-2025-21298 is a RCE vulnerability in Microsoft Windows Object Linking and Embedding (OLE). It was assigned a CVSSv3 score of 9.8 and is rated critical. It has been assessed as “Exploitation More Likely.” An attacker could exploit this vulnerability by sending a specially crafted email to a target. Successful exploitation would lead to remote code execution on the target system if the target opens this email using a vulnerable version of Microsoft Outlook or if their software is able to preview the email through a preview pane.
Rapid7: Outlook admins who force their users to read emails in plain text only can skip this paragraph, but everyone else should be aware of CVE-2025-21298, a Windows Object Linking and Embedding (OLE) critical RCE with a CVSSv3 base score of 9.8. The eternal threat of the malicious inbound email finds expression again here; just previewing the wrong email in Outlook is all it takes for an attacker to achieve code execution in the context of the user. All versions of Windows receive a patch.
ZDI: CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability. This bug rates a CVSS 9.8 and allows a remote attacker to execute code on a target system by sending a specially crafted mail to an affected system with Outlook. Fortunately, the preview pane is not an attack vector, but previewing an attachment could trigger the code execution. The specific flaw exists within the parsing of RTF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. As a mitigation, you can set Outlook to read all standard mail as plain text, but users will likely revolt against such a setting. The best option is to test and deploy this patch quickly.
Qualys: CVE-2025-21307: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability. The Windows Reliable Multicast Transport Driver (RMCAST) is a component within the Windows operating system that enables reliable multicast data transmission. An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server without any interaction from the user.
Rapid7: Microsoft’s in-house research teams are a reliable source of vulnerability discovery in Microsoft products, and today we get patches for the self-discovered CVE-2025-21307, a critical RCE in the Windows Reliable Multicast Transport Driver (RMCAST) with a CVSSv3 base score of 9.8. The vulnerability is only exploitable on a system where a program is listening on a Pragmatic General Multicast (PGM) port.
Rapid7: Given the lack of required user interaction and remote attack vector for CVE-2025-21307, it’s well worth asking yourself: does our firewall allow a PGM receiver to receive inbound traffic from the public internet? If so, the second-best time to prevent that is right now.
Qualys: CVE-2025-21297 & CVE-2025-21309: Windows Remote Desktop Services Remote Code Execution Vulnerability. Windows Remote Desktop Services (RDS) is a Microsoft feature that allows users to access and control a remote computer’s desktop and applications over a network connection. An attacker must win a race condition to exploit the vulnerabilities. An attacker could exploit these vulnerabilities by connecting to a system with the Remote Desktop Gateway role. Then, it would trigger the race condition to create a use-after-free scenario, ultimately leading to arbitrary code execution.
Tenable: CVE-2025-21297, CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability
Tenable: CVE-2025-21297 and CVE-2025-21309 are critical RCE vulnerabilities affecting Windows Remote Desktop Services. Both of these vulnerabilities were assigned CVSSv3 scores of 8.1, however CVE-2025-21309 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index, while CVE-2025-21297 was assessed as “Exploitation Less Likely.”
ZDI: CVE-2025-21297/CVE-2025-21309 - Windows Remote Desktop Services Remote Code Execution Vulnerability. Both of these bugs allow arbitrary code execution on affected Remote Desktop Gateway servers from remote, unauthenticated attackers. They just need to connect to the server and trigger a race condition to create a use-after-free bug. While race conditions are somewhat tricky to exploit, we see them used at Pwn2Own frequently. Considering that exploiting this requires no user interaction, I would prioritize this patch, especially if you have these gateways exposed to the Internet.
Qualys: CVE-2025-21366, CVE-2025-21395, & CVE-2025-21186: Microsoft Access Remote Code Execution Vulnerability. Microsoft Access is a database management system (DBMS) that helps users store, organize, and analyze data. Microsoft Access stores data in its format, or it can import or link to data from other applications. Microsoft addressed the vulnerabilities by blocking access to the following extensions: accdb, accde, accdw, accdt, accda, accdr, accdu.
Tenable: CVE-2025-21186, CVE-2025-21366, CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability
Tenable: CVE-2025-21186, CVE-2025-21366 and CVE-2025-21395 are RCE vulnerabilities in Microsoft Access, a database management system. All three vulnerabilities were assigned a CVSSv3 score of 7.8 and rated important. A remote, unauthenticated attacker could exploit this vulnerability by convincing a target through social engineering to download and open a malicious file. Successful exploitation would grant an attacker arbitrary code execution privileges on the vulnerable system. This update “blocks potentially malicious extensions from being sent in an email.”
Rapid7: Today sees the publication of three very similar zero-day Microsoft Access vulnerabilities: CVE-2025-21366, CVE-2025-21395, and CVE-2025-21186. In each case, Microsoft notes public disclosure, but does not claim evidence of exploitation in the wild. Successful exploitation leads to code execution via heap-based buffer overflow, and requires that an attacker convince the user to download and open a malicious file.
Qualys: CVE-2025-21354 & CVE-2025-21362: Microsoft Excel Remote Code Execution Vulnerability. Microsoft Excel is a spreadsheet program that helps users organize and analyze data. It’s available on Windows, macOS, Android, iOS, and iPadOS. Successful exploitation of the vulnerability could allow an attacker to achieve remote code execution of vulnerable targets.
Qualys: CVE-2025-21296: BranchCache Remote Code Execution Vulnerability. BranchCache is a Windows feature that optimizes wide area network (WAN) bandwidth by caching content on local computers in branch offices. An attacker must win a race condition to exploit the vulnerability.
Qualys: CVE-2025-21294: Microsoft Digest Authentication Remote Code Execution Vulnerability. Microsoft Digest Authentication is a security mechanism that uses a challenge-response protocol to verify user credentials without sending the actual password in plain text over the network. An attacker must win a race condition to exploit the vulnerability. An attacker could exploit this vulnerability by connecting to a system that requires digest authentication. This will trigger the race condition to create a use-after-free scenario, leading to arbitrary code execution.
Qualys: CVE-2025-21295: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability. SPNEGO Extended Negotiation (NEGOEX) is a security mechanism that extends the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) capabilities. The mechanism allows clients and servers to negotiate a standard authentication protocol based on additional metadata like trust configurations. An attacker must manipulate system operations in a specific manner to exploit the vulnerability. Upon successful exploitation, an attacker could achieve remote code execution without user interaction.
ZDI: CVE-2025-21295 - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability. Besides being a mouthful of a title, this bug impacts a security mechanism, which is never a good sign. It allows remote, unauthenticated attackers to execute code on an affected system without user interaction. The only good news is that there are some barriers to exploitation, but I wouldn’t rely on that fact. I would also consider this a Scope Change, but that’s splitting hairs at this point. Even if you don’t rely on the negotiation mechanism, I wouldn’t wait to test and deploy this patch.
MS PT Extended: CVE-2024-49071 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2024-12382 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2024-12692 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2024-12381 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2024-12694 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
MS PT Extended: CVE-2025-21385 was published before January 2025 Patch Tuesday from 2024-12-11 to 2025-01-13
Qualys: CVE-2025-21308: Windows Themes Spoofing Vulnerability. Windows themes are a combination of colors, sounds, and pictures that you can use to personalize your Windows PC. Successful exploitation of the vulnerability requires an attacker to convince the user to load a malicious file onto a vulnerable system.
Tenable: CVE-2025-21308 | Windows Themes Spoofing Vulnerability
Tenable: CVE-2025-21308 is a spoofing vulnerability affecting Windows Themes. This vulnerability received a CVSSv3 score of 6.5 and was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation requires an attacker to convince a user to load a malicious file, then convince the user to “manipulate the specially crafted file.” Microsoft has provided a list of mitigations including disabling New Technology LAN Manager (NTLM) or using group policy to block NTLM hashes. For more information on the mitigation guidance, please refer to the Microsoft advisory.
Rapid7: Many enterprise users or even admins may not think about Windows Themes very often, but consider CVE-2025-21308: a spoofing vulnerability where successful exploitation leads to improper disclosure of an NTLM hash, which allows an attacker to impersonate the user from whom it was acquired. Microsoft does not have evidence of in-the-wild exploitation, but does note public disclosure.
Rapid7: On the advisory for CVE-2025-21308, Microsoft does link to documents describing a mitigation technique: restricting NTLM traffic. This is certainly worth a look, since a representative of reporting research organization 0patch has confirmed that NTLMv2 is affected by CVE-2025-21308.
ZDI: CVE-2025-21308 - Windows Themes Spoofing Vulnerability. This is one of the five publicly known vulnerabilities receiving fixes this month, and for a change, we know where this one is exposed publicly. It turns out that a previous patch (CVE-2024-38030) could be bypassed. The spoofing component here is NTLM credential relaying. Consequently, systems with NTLM restricted are less likely to be exploited. At a minimum, you should be restricting outbound NTLM traffic to remote servers. Fortunately, Microsoft provides guidance on setting this up. Enable those restrictions then patch your systems.