Report Name: Microsoft Patch Tuesday, November 2025Generated: 2025-11-12 23:17:10
| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| Windows Kernel | 0.9 | 1 | 1 | Windows Kernel | ||||
| DirectX Graphics Kernel | 0.8 | 3 | 3 | DirectX Graphics Kernel | ||||
| GDI+ | 0.8 | 1 | 1 | GDI+ | ||||
| Host Process for Windows Tasks | 0.8 | 1 | 1 | Windows component | ||||
| Microsoft Office | 0.8 | 3 | 3 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | ||||
| Windows Administrator Protection | 0.8 | 1 | 1 | 2 | Windows component | |||
| Windows Ancillary Function Driver for WinSock | 0.8 | 3 | 3 | Windows component | ||||
| Windows Bluetooth RFCOM Protocol Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Broadcast DVR User Service | 0.8 | 2 | 2 | Windows component | ||||
| Windows Client-Side Caching | 0.8 | 1 | 1 | Windows component | ||||
| Windows Common Log File System Driver | 0.8 | 1 | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | ||||
| Windows Kerberos | 0.8 | 1 | 1 | Windows component | ||||
| Windows License Manager | 0.8 | 2 | 2 | Windows component | ||||
| Windows OLE | 0.8 | 1 | 1 | Windows component | ||||
| Windows Remote Desktop Services | 0.8 | 1 | 1 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | ||||
| Windows Routing and Remote Access Service (RRAS) | 0.8 | 2 | 2 | 4 | Windows component | |||
| Windows Smart Card Reader | 0.8 | 1 | 1 | Windows component | ||||
| Windows Speech Recognition | 0.8 | 2 | 2 | Windows component | ||||
| Windows Speech Runtime | 0.8 | 1 | 1 | Windows component | ||||
| Windows Subsystem for Linux GUI | 0.8 | 1 | 1 | Windows component | ||||
| Windows Transport Driver Interface (TDI) Translation Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows WLAN Service | 0.8 | 1 | 1 | Windows component | ||||
| Microsoft SharePoint | 0.7 | 1 | 1 | Microsoft SharePoint | ||||
| Microsoft Excel | 0.6 | 8 | 8 | MS Office product | ||||
| Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| libxml2 | 0.6 | 1 | 1 | libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project | ||||
| Agentic AI and Visual Studio Code | 0.5 | 1 | 1 | Agentic AI and Visual Studio Code | ||||
| Azure Monitor Agent | 0.5 | 1 | 1 | Azure Monitor Agent | ||||
| Configuration Manager | 0.5 | 1 | 1 | Configuration Manager | ||||
| Customer Experience Improvement Program (CEIP) | 0.5 | 1 | 1 | Customer Experience Improvement Program (CEIP) | ||||
| Dynamics 365 Field Service (online) | 0.5 | 2 | 2 | Dynamics 365 Field Service (online) | ||||
| GitHub Copilot and Visual Studio Code | 0.5 | 1 | 1 | GitHub Copilot and Visual Studio Code | ||||
| Libarchive | 0.5 | 1 | 1 | Multi-format archive and compression library | ||||
| Microsoft Dynamics 365 (On-Premises) | 0.5 | 1 | 1 | Microsoft Dynamics 365 (On-Premises) | ||||
| Microsoft SQL Server | 0.5 | 1 | 1 | Microsoft SQL Server | ||||
| Microsoft Streaming Service Proxy | 0.5 | 1 | 1 | Microsoft Streaming Service Proxy | ||||
| Microsoft Visual Studio Code CoPilot Chat Extension | 0.5 | 1 | 1 | Microsoft Visual Studio Code CoPilot Chat Extension | ||||
| Microsoft Wireless Provisioning System | 0.5 | 2 | 2 | Microsoft Wireless Provisioning System | ||||
| Multimedia Class Scheduler Service (MMCSS) Driver | 0.5 | 1 | 1 | Multimedia Class Scheduler Service (MMCSS) Driver | ||||
| Nuance PowerScribe 360 | 0.5 | 1 | 1 | Nuance PowerScribe 360 | ||||
| Storvsp.sys Driver | 0.5 | 1 | 1 | Storvsp.sys Driver | ||||
| Microsoft OneDrive for Android | 0.4 | 1 | 1 | Microsoft OneDrive for Android | ||||
| Visual Studio | 0.3 | 1 | 1 | Integrated development environment |
| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 10 | 6 | 16 | |||
| Security Feature Bypass | 0.9 | 2 | 2 | ||||
| Elevation of Privilege | 0.85 | 1 | 5 | 23 | 29 | ||
| Information Disclosure | 0.83 | 11 | 11 | ||||
| Denial of Service | 0.7 | 5 | 5 | ||||
| Spoofing | 0.4 | 2 | 2 |
| Source | U | C | H | M | L | A |
|---|---|---|---|---|---|---|
| Qualys | 1 | 3 | 7 | 11 | ||
| Tenable | 1 | 4 | 3 | 8 | ||
| Rapid7 | 2 | 2 | 4 | |||
| ZDI | 1 | 2 | 1 | 4 |
1. 
Elevation of Privilege - Windows Kernel (CVE-2025-62215) - Critical [744]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites | |
| 0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15109 |
Qualys: CVE-2025-62215: Windows Kernel Elevation of Privilege Vulnerability Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges. An attacker must win a race condition to exploit the vulnerability.
Tenable: Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
Tenable: CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2025-62215 is an EoP vulnerability in the Windows Kernel. It was assigned a CVSSv3 score of 7.0 and rated important. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
Tenable: Including CVE-2025-62215, there have been 11 EoP vulnerabilities patched in the Windows Kernel in 2025, with five of these included in the October 2025 Patch Tuesday release.
ZDI: CVE-2025-62215 - Windows Kernel Elevation of Privilege Vulnerability. This is the bug currently under exploit, but Microsoft offers no indication of the extent of the exploitation. It’s also interesting to note there’s a race condition here, and it shows that some race conditions are more reliable than others. Bugs like these are often paired with a code execution bug by malware to completely take over a system. If you must prioritize, this should be at the top of your list.
2. 
Remote Code Execution - GDI+ (CVE-2025-60724) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | GDI+ | |
| 1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.21558 |
Qualys: CVE-2025-60724: GDI+ Remote Code Execution Vulnerability A heap-based buffer overflow flaw in the Microsoft Graphics Component may allow an unauthenticated attacker to execute code over a network. An attacker could exploit this vulnerability by convincing a user to download and open a document containing a specially crafted metafile.
Tenable: CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability
Tenable: CVE-2025-60724 is a RCE vulnerability affecting the Windows Graphics Device Interface (GDI). It was assigned a CVSSv3 score of 9.8, rated as critical and assessed as “Exploitation Less Likely.” A remote attacker could exploit this flaw by convincing a victim to download and open a crafted file which could exploit a heap-based buffer overflow in order to execute arbitrary code.
Rapid7: Faced with a fresh stack of Patch Tuesday vulns, there are a few different ways to prioritize our analysis. Do we start with vulns exploited in the wild? Pre-authentication RCEs? The vuln with the highest CVSS base score? The vuln which is likely to affect just about every asset running Microsoft software? Any of these are sensible avenues of approach, and today, all roads lead to CVE-2025-60724. As the advisory notes, in the worst-case scenario, an attacker could exploit this vulnerability by uploading a malicious document to a vulnerable web service. The advisory doesn’t spell out the context of code execution, but if all the stars align for the attacker, the prize could be remote code execution as SYSTEM via the network without any need for an existing foothold. While this vuln almost certainly isn’t wormable, it’s clearly very serious and is surely a top priority for just about anyone considering how to approach this month’s patches.
Rapid7: The weakness underlying CVE-2025-60724 is CWE-122: Heap-based buffer overflow, a concept which celebrated its 50th birthday several years ago. As the authors of the original 1972 paper noted: “If the code makes use of an internal buffer, there is a possibility that a user could input enough data to overwrite other portions of the program's private storage.” Regarding computer security in general, they opined that “this problem is neither hopeless nor solved. It is, however, perfectly clear [...] that solutions to the problem will not occur spontaneously, nor will they come from the various well-intentioned attempts to provide security as an add-on to existing systems.”. Office: critical ACE
3. Remote Code Execution - Microsoft SharePoint (CVE-2025-62204) - High [449]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.7 | 14 | Microsoft SharePoint | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0.5 | 10 | EPSS Probability is 0.00324, EPSS Percentile is 0.54935 |
4. Remote Code Execution - Windows Subsystem for Linux GUI (CVE-2025-62220) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.18069 |
5. Remote Code Execution - Microsoft Office (CVE-2025-62199) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
Qualys: CVE-2025-62199: Microsoft Office Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally. For successful exploitation of the vulnerability, an attacker must send the user a malicious file and convince them to open it.
Tenable: CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2025-62199 is a RCE vulnerability in Microsoft Office. It was assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this flaw through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
Tenable: Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.
Rapid7: Once again, we find ourselves wondering: “when is remote code execution really remote?” CVE-2025-62199 describes a critical RCE vulnerability in Microsoft Office, where exploitation relies on the user downloading and opening a malicious file. The attacker is remote, and that’s enough to satisfy the definition, even if the action is taken on the local system by the unwitting user. Anyone hoping that the Preview Pane is not a vector will be sadly disappointed, and this certainly increases the probability of real-world exploitation, since there’s no need for the attacker to craft a way around those pesky warnings about enabling dangerous content. Just scrolling through a list of emails in Outlook could be enough.
ZDI: CVE-2025-62199 - Microsoft Office Remote Code Execution Vulnerability. Another month – another Office bug where the Preview Pane is an attack vector. Interestingly, Microsoft notes user interaction is required despite the Preview Pane, so it’s not clear how this would be exploited. Maybe if a user previews an attachment? Still, at this point, it’s time to consider disabling the Preview Pane in Office until Microsoft clears these bugs up.
6. Remote Code Execution - Microsoft Office (CVE-2025-62205) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
Tenable: Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.
7. Remote Code Execution - Microsoft Office (CVE-2025-62216) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00058, EPSS Percentile is 0.18119 |
Tenable: Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.
8. Remote Code Execution - Windows OLE (CVE-2025-60714) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
9. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2025-60715) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00059, EPSS Percentile is 0.18557 |
10. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2025-62452) - High [430]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17835 |
11. Elevation of Privilege - Windows Administrator Protection (CVE-2025-60718) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00092, EPSS Percentile is 0.26582 |
12. Elevation of Privilege - Windows WLAN Service (CVE-2025-59511) - High [416]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00092, EPSS Percentile is 0.26582 |
13. Elevation of Privilege - Host Process for Windows Tasks (CVE-2025-60710) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00069, EPSS Percentile is 0.21445 |
14. Elevation of Privilege - Windows Client-Side Caching (CVE-2025-60705) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17552 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
15. Elevation of Privilege - Windows Kerberos (CVE-2025-60704) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16134 |
16. Remote Code Execution - Agentic AI and Visual Studio Code (CVE-2025-62222) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Agentic AI and Visual Studio Code | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.00112, EPSS Percentile is 0.30448 |
ZDI: CVE-2025-62222 - Agentic AI and Visual Studio Code Remote Code Execution Vulnerability. While there have been a few bugs impacting CoPilot, this is the first bug specifically calling out Agentic AI with a code execution bug. Based on the description, exploitation of this vulnerability would not be trivial. However, with a little bit of social engineering, it could allow remote attackers to execute their code on a target GitHub repository. There are several bugs impacting CoPilot receiving patches this month, but this one stands out above the others. If you’re using Agentic AI, pay attention here, or you could find yourself dealing with something more than just AI hallucinations.
17. Remote Code Execution - Microsoft Excel (CVE-2025-60727) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
18. Remote Code Execution - Microsoft Excel (CVE-2025-62200) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
19. Remote Code Execution - Microsoft Excel (CVE-2025-62201) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
20. Remote Code Execution - Microsoft Excel (CVE-2025-62203) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0006, EPSS Percentile is 0.18795 |
21. Elevation of Privilege - Windows Administrator Protection (CVE-2025-60721) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12443 |
22. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-60719) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17502 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.
23. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-62213) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.16953 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.
24. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-60709) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13752 |
ZDI: CVE-2025-60709 - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability. While this bug is not under active attack and simply leads to executing code as SYSTEM, I highlight this bug as CLFS has been exploited multiple times over the last few years. I will admit that I may have some recency bias with this as I just saw a presentation at the Countermeasure conference in Ottawa discussing CLFS exploitation. Still, the presentation showed how CLFS has been recently abused by threat actors.
25. Elevation of Privilege - Windows Remote Desktop Services (CVE-2025-60703) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13752 |
26. Elevation of Privilege - Windows Routing and Remote Access Service (RRAS) (CVE-2025-60713) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13752 |
27. Elevation of Privilege - Windows Smart Card Reader (CVE-2025-59505) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13752 |
28. Elevation of Privilege - Windows Transport Driver Interface (TDI) Translation Driver (CVE-2025-60720) - Medium [392]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13752 |
29. Elevation of Privilege - DirectX Graphics Kernel (CVE-2025-59506) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | DirectX Graphics Kernel | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00038, EPSS Percentile is 0.10826 |
30. Elevation of Privilege - DirectX Graphics Kernel (CVE-2025-60716) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | DirectX Graphics Kernel | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12407 |
Qualys: CVE-2025-60716: DirectX Graphics Kernel Elevation of Privilege Vulnerability A use-after-free vulnerability in Windows DirectX may allow an authenticated attacker to elevate their local privileges. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges.
31. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-62217) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.10337 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.
32. Elevation of Privilege - Windows Broadcast DVR User Service (CVE-2025-59515) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12407 |
33. Elevation of Privilege - Windows Broadcast DVR User Service (CVE-2025-60717) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12407 |
34. Elevation of Privilege - Windows Speech Recognition (CVE-2025-59508) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00038, EPSS Percentile is 0.10826 |
35. Elevation of Privilege - Windows Speech Runtime (CVE-2025-59507) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00038, EPSS Percentile is 0.10826 |
36. 
Information Disclosure - Windows License Manager (CVE-2025-62208) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16652 |
37. Information Disclosure - Windows License Manager (CVE-2025-62209) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16652 |
38. Information Disclosure - Windows Speech Recognition (CVE-2025-59509) - Medium [376]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16652 |
39. Elevation of Privilege - Microsoft SQL Server (CVE-2025-59499) - Medium [366]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00072, EPSS Percentile is 0.22296 |
Rapid7: SQL Server admins should take note of CVE-2025-59499, which describes an elevation of privilege (EoP) vulnerability. Although some level existing privileges are required, successful exploitation will permit an attacker to run arbitrary Transact-SQL (T-SQL) commands. T-SQL is the language which SQL Server databases and clients use to communicate with one another. Although the default configuration for SQL Server disables the xp_cmdshell functionality which allows direct callouts to the underlying OS, there’s more than one way to shine a penny, and the only safe assumption here is that exploitation will lead to code execution in the context of SQL Server itself. Patches are available for all supported versions of SQL Server.
40. Information Disclosure - Windows Bluetooth RFCOM Protocol Driver (CVE-2025-59513) - Medium [364]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.11373 |
41. Remote Code Execution - Azure Monitor Agent (CVE-2025-59504) - Medium [357]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Azure Monitor Agent | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12543 |
42. Information Disclosure - Microsoft Excel (CVE-2025-60726) - Medium [355]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | MS Office product | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16597 |
43. Information Disclosure - Microsoft Excel (CVE-2025-62202) - Medium [355]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | MS Office product | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.16597 |
44. Elevation of Privilege - Customer Experience Improvement Program (CEIP) (CVE-2025-59512) - Medium [354]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Customer Experience Improvement Program (CEIP) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.17552 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
45. 
Denial of Service - DirectX Graphics Kernel (CVE-2025-60723) - Medium [353]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | DirectX Graphics Kernel | |
| 0.6 | 10 | CVSS Base Score is 6.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00055, EPSS Percentile is 0.1717 |
46. Denial of Service - libxml2 (CVE-2025-12863) - Medium [344]
Description: A flaw was found in the xmlSetTreeDoc() function of the
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.6 | 14 | libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16004 |
47. Elevation of Privilege - Microsoft Streaming Service Proxy (CVE-2025-59514) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Streaming Service Proxy | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.12443 |
48. Elevation of Privilege - Multimedia Class Scheduler Service (MMCSS) Driver (CVE-2025-60707) - Medium [342]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Multimedia Class Scheduler Service (MMCSS) Driver | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.13752 |
49. Denial of Service - Windows Routing and Remote Access Service (RRAS) (CVE-2025-59510) - Medium [341]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.1467 |
50. 
Security Feature Bypass - Microsoft Visual Studio Code CoPilot Chat Extension (CVE-2025-62449) - Medium [339]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | Microsoft Visual Studio Code CoPilot Chat Extension | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.1141 |
51. Information Disclosure - Microsoft Dynamics 365 (On-Premises) (CVE-2025-62206) - Medium [338]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Microsoft Dynamics 365 (On-Premises) | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00078, EPSS Percentile is 0.23808 |
52. Information Disclosure - Nuance PowerScribe 360 (CVE-2025-30398) - Medium [338]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Nuance PowerScribe 360 | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00041, EPSS Percentile is 0.12234 |
Qualys: CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability Missing authorization in Nuance PowerScribe may allow an unauthenticated attacker to disclose information over a network. An unauthenticated attacker could exploit this vulnerability by making an API call to a specific endpoint. The attacker could then use the data to gain access to sensitive information on the server.
53. Information Disclosure - Microsoft Excel (CVE-2025-59240) - Medium [331]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | MS Office product | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14908 |
54. Information Disclosure - Windows Hyper-V (CVE-2025-60706) - Medium [331]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.11373 |
55. Elevation of Privilege - Configuration Manager (CVE-2025-47179) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Configuration Manager | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.14749 |
56. Elevation of Privilege - Microsoft Wireless Provisioning System (CVE-2025-62218) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Wireless Provisioning System | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.10337 |
57. Elevation of Privilege - Microsoft Wireless Provisioning System (CVE-2025-62219) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Wireless Provisioning System | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00036, EPSS Percentile is 0.10337 |
58. Security Feature Bypass - GitHub Copilot and Visual Studio Code (CVE-2025-62453) - Medium [327]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | GitHub Copilot and Visual Studio Code | |
| 0.5 | 10 | CVSS Base Score is 5.0. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.16052 |
59. Elevation of Privilege - Microsoft OneDrive for Android (CVE-2025-60722) - Medium [325]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.4 | 14 | Microsoft OneDrive for Android | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00057, EPSS Percentile is 0.17867 |
60. Remote Code Execution - Visual Studio (CVE-2025-62214) - Medium [323]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.3 | 14 | Integrated development environment | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.13801 |
Qualys: CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability A command injection vulnerability in Visual Studio may allow an authenticated attacker to execute code locally.
Rapid7: Some attacks are straightforward, with only a single step needed to reach the finish line. Others, like Visual Studio critical RCE CVE-2025-62214, require that the attacker execute a complex chain of events. In this case, exploitation demands multi-stage abuse of recent advances in Visual Studio AI development capabilities, including prompt injection, Agent interaction, and triggering a build. The advisory doesn’t describe the context of code execution. If the prize is simply code execution on an asset in the context of the user, there’s no obvious advancement for the attacker, since exploitation already requires code execution on the asset by the attacker or the targeted user. The brief description of the attack chain does mention that the attacker would need to trigger a build. On that basis, possible outcomes might include execution in an elevated context, or compromised build artifacts, although the advisory does not provide enough information to be certain either way.
Rapid7: 2025-11-11: clarified the description of CVE-2025-62214.
61. Information Disclosure - Microsoft Excel (CVE-2025-60728) - Medium [319]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.6 | 14 | MS Office product | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00055, EPSS Percentile is 0.17133 |
62. Denial of Service - Storvsp.sys Driver (CVE-2025-60708) - Medium [303]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Storvsp.sys Driver | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00039, EPSS Percentile is 0.1137 |
63. 
Spoofing - Dynamics 365 Field Service (online) (CVE-2025-62210) - Medium [285]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Dynamics 365 Field Service (online) | |
| 0.9 | 10 | CVSS Base Score is 8.7. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.00049, EPSS Percentile is 0.15045 |
64. Denial of Service - Libarchive (CVE-2025-60753) - Medium [279]
Description: An issue was discovered in
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Multi-format archive and compression library | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
| 0.0 | 10 | EPSS Probability is 0.00019, EPSS Percentile is 0.0365 |
65. Spoofing - Dynamics 365 Field Service (online) (CVE-2025-62211) - Medium [273]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Dynamics 365 Field Service (online) | |
| 0.9 | 10 | CVSS Base Score is 8.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.00047, EPSS Percentile is 0.14464 |
Elevation of Privilege (1)Qualys: CVE-2025-62215: Windows Kernel Elevation of Privilege Vulnerability Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges. An attacker must win a race condition to exploit the vulnerability.
Tenable: Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
Tenable: CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2025-62215 is an EoP vulnerability in the Windows Kernel. It was assigned a CVSSv3 score of 7.0 and rated important. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
Tenable: Including CVE-2025-62215, there have been 11 EoP vulnerabilities patched in the Windows Kernel in 2025, with five of these included in the October 2025 Patch Tuesday release.
ZDI: CVE-2025-62215 - Windows Kernel Elevation of Privilege Vulnerability. This is the bug currently under exploit, but Microsoft offers no indication of the extent of the exploitation. It’s also interesting to note there’s a race condition here, and it shows that some race conditions are more reliable than others. Bugs like these are often paired with a code execution bug by malware to completely take over a system. If you must prioritize, this should be at the top of your list.
Remote Code Execution (16)Qualys: CVE-2025-60724: GDI+ Remote Code Execution Vulnerability A heap-based buffer overflow flaw in the Microsoft Graphics Component may allow an unauthenticated attacker to execute code over a network. An attacker could exploit this vulnerability by convincing a user to download and open a document containing a specially crafted metafile.
Tenable: CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability
Tenable: CVE-2025-60724 is a RCE vulnerability affecting the Windows Graphics Device Interface (GDI). It was assigned a CVSSv3 score of 9.8, rated as critical and assessed as “Exploitation Less Likely.” A remote attacker could exploit this flaw by convincing a victim to download and open a crafted file which could exploit a heap-based buffer overflow in order to execute arbitrary code.
Rapid7: Faced with a fresh stack of Patch Tuesday vulns, there are a few different ways to prioritize our analysis. Do we start with vulns exploited in the wild? Pre-authentication RCEs? The vuln with the highest CVSS base score? The vuln which is likely to affect just about every asset running Microsoft software? Any of these are sensible avenues of approach, and today, all roads lead to CVE-2025-60724. As the advisory notes, in the worst-case scenario, an attacker could exploit this vulnerability by uploading a malicious document to a vulnerable web service. The advisory doesn’t spell out the context of code execution, but if all the stars align for the attacker, the prize could be remote code execution as SYSTEM via the network without any need for an existing foothold. While this vuln almost certainly isn’t wormable, it’s clearly very serious and is surely a top priority for just about anyone considering how to approach this month’s patches.
Rapid7: The weakness underlying CVE-2025-60724 is CWE-122: Heap-based buffer overflow, a concept which celebrated its 50th birthday several years ago. As the authors of the original 1972 paper noted: “If the code makes use of an internal buffer, there is a possibility that a user could input enough data to overwrite other portions of the program's private storage.” Regarding computer security in general, they opined that “this problem is neither hopeless nor solved. It is, however, perfectly clear [...] that solutions to the problem will not occur spontaneously, nor will they come from the various well-intentioned attempts to provide security as an add-on to existing systems.”. Office: critical ACE
Qualys: CVE-2025-62199: Microsoft Office Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally. For successful exploitation of the vulnerability, an attacker must send the user a malicious file and convince them to open it.
Tenable: CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2025-62199 is a RCE vulnerability in Microsoft Office. It was assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this flaw through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
Tenable: Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.
Rapid7: Once again, we find ourselves wondering: “when is remote code execution really remote?” CVE-2025-62199 describes a critical RCE vulnerability in Microsoft Office, where exploitation relies on the user downloading and opening a malicious file. The attacker is remote, and that’s enough to satisfy the definition, even if the action is taken on the local system by the unwitting user. Anyone hoping that the Preview Pane is not a vector will be sadly disappointed, and this certainly increases the probability of real-world exploitation, since there’s no need for the attacker to craft a way around those pesky warnings about enabling dangerous content. Just scrolling through a list of emails in Outlook could be enough.
ZDI: CVE-2025-62199 - Microsoft Office Remote Code Execution Vulnerability. Another month – another Office bug where the Preview Pane is an attack vector. Interestingly, Microsoft notes user interaction is required despite the Preview Pane, so it’s not clear how this would be exploited. Maybe if a user previews an attachment? Still, at this point, it’s time to consider disabling the Preview Pane in Office until Microsoft clears these bugs up.
ZDI: CVE-2025-62222 - Agentic AI and Visual Studio Code Remote Code Execution Vulnerability. While there have been a few bugs impacting CoPilot, this is the first bug specifically calling out Agentic AI with a code execution bug. Based on the description, exploitation of this vulnerability would not be trivial. However, with a little bit of social engineering, it could allow remote attackers to execute their code on a target GitHub repository. There are several bugs impacting CoPilot receiving patches this month, but this one stands out above the others. If you’re using Agentic AI, pay attention here, or you could find yourself dealing with something more than just AI hallucinations.
Qualys: CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability A command injection vulnerability in Visual Studio may allow an authenticated attacker to execute code locally.
Rapid7: Some attacks are straightforward, with only a single step needed to reach the finish line. Others, like Visual Studio critical RCE CVE-2025-62214, require that the attacker execute a complex chain of events. In this case, exploitation demands multi-stage abuse of recent advances in Visual Studio AI development capabilities, including prompt injection, Agent interaction, and triggering a build. The advisory doesn’t describe the context of code execution. If the prize is simply code execution on an asset in the context of the user, there’s no obvious advancement for the attacker, since exploitation already requires code execution on the asset by the attacker or the targeted user. The brief description of the attack chain does mention that the attacker would need to trigger a build. On that basis, possible outcomes might include execution in an elevated context, or compromised build artifacts, although the advisory does not provide enough information to be certain either way.
Rapid7: 2025-11-11: clarified the description of CVE-2025-62214.
Elevation of Privilege (28)Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.
ZDI: CVE-2025-60709 - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability. While this bug is not under active attack and simply leads to executing code as SYSTEM, I highlight this bug as CLFS has been exploited multiple times over the last few years. I will admit that I may have some recency bias with this as I just saw a presentation at the Countermeasure conference in Ottawa discussing CLFS exploitation. Still, the presentation showed how CLFS has been recently abused by threat actors.
Qualys: CVE-2025-60716: DirectX Graphics Kernel Elevation of Privilege Vulnerability A use-after-free vulnerability in Windows DirectX may allow an authenticated attacker to elevate their local privileges. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges.
Rapid7: SQL Server admins should take note of CVE-2025-59499, which describes an elevation of privilege (EoP) vulnerability. Although some level existing privileges are required, successful exploitation will permit an attacker to run arbitrary Transact-SQL (T-SQL) commands. T-SQL is the language which SQL Server databases and clients use to communicate with one another. Although the default configuration for SQL Server disables the xp_cmdshell functionality which allows direct callouts to the underlying OS, there’s more than one way to shine a penny, and the only safe assumption here is that exploitation will lead to code execution in the context of SQL Server itself. Patches are available for all supported versions of SQL Server.
Qualys: Other Microsoft Vulnerability Highlights CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges. CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges. CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Information Disclosure (11)Qualys: CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability Missing authorization in Nuance PowerScribe may allow an unauthenticated attacker to disclose information over a network. An unauthenticated attacker could exploit this vulnerability by making an API call to a specific endpoint. The attacker could then use the data to gain access to sensitive information on the server.
Denial of Service (5)Security Feature Bypass (2)Spoofing (2)