Report Name: Microsoft Patch Tuesday, October 2025
Generated: 2025-10-15 00:12:50

Vulristics Vulnerability Scores

All vulnerabilities: 213
Urgent: 0
Critical: 4
High: 14
Medium: 186
Low: 9

Basic Vulnerability Scores

All vulnerabilities: 213
Critical: 7
High: 137
Medium: 52
Low: 0

Products

Product Name Prevalence U C H M L A Comment

Windows Kernel 0.9 10 10 Windows Kernel

Windows NTLM 0.9 3 3 A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity

Windows SMB Client 0.9 1 1 Windows component

ASP.NET 0.8 1 1 An open-source, server-side web-application framework designed for web development

Chromium 0.8 1 2 14 6 23 Chromium is a free and open-source web browser project, mainly developed and maintained by Google

Desktop Windows Manager 0.8 1 1 Windows component

DirectX Graphics Kernel 0.8 2 2 DirectX Graphics Kernel

Microsoft DWM Core Library 0.8 2 2 Windows component

Microsoft Edge 0.8 1 1 Web browser

Microsoft Exchange 0.8 3 3 Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft

Microsoft Office 0.8 2 1 3 Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer

Microsoft PowerShell 0.8 1 1 PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language

Microsoft Windows File Explorer 0.8 2 2 Windows component

Windows Active Directory Federation Services (ADFS) 0.8 1 1 Windows component

Windows Agere Modem Driver 0.8 1 1 2 Windows component

Windows Ancillary Function Driver for WinSock 0.8 2 2 Windows component

Windows Authentication 0.8 4 4 Windows component

Windows BitLocker 0.8 6 6 Windows component

Windows Bluetooth Service 0.8 4 4 Windows component

Windows COM+ Event System Service 0.8 1 1 Windows component

Windows Cloud Files Mini Filter Driver 0.8 2 2 Windows component

Windows Connected Devices Platform Service 0.8 3 3 Windows component

Windows Connected Devices Platform Service (Cdpsvc) 0.8 1 1 Windows component

Windows Cryptographic Services 0.8 1 1 Windows component

Windows DWM Core Library 0.8 1 1 Windows component

Windows Device Association Broker Service 0.8 2 2 Windows component

Windows Digital Media 0.8 2 2 Windows component

Windows ETL Channel 0.8 1 1 Windows component

Windows Error Reporting Service 0.8 2 2 Windows component

Windows Graphics Component 0.8 4 4 Windows component

Windows Health and Optimized Experiences 0.8 1 1 Windows component

Windows Hello 0.8 1 1 Windows component

Windows Local Session Manager (LSM) 0.8 3 3 Windows component

Windows Management Services 0.8 2 2 Windows component

Windows MapUrlToZone 0.8 1 1 Windows component

Windows NTFS 0.8 1 1 The default file system of the Windows NT family

Windows Network Driver Interface Specification Driver 0.8 1 1 Windows component

Windows PrintWorkflowUserSvc 0.8 8 8 Windows component

Windows Push Notification 0.8 2 2 Windows component

Windows Remote Access Connection Manager 0.8 1 1 Windows component

Windows Remote Desktop 0.8 1 1 Windows component

Windows Remote Desktop Client 0.8 1 1 Remote Desktop Protocol Client

Windows Remote Desktop Protocol 0.8 1 1 Windows component

Windows Remote Desktop Services 0.8 1 1 Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection

Windows Resilient File System (ReFS) 0.8 1 1 Windows component

Windows Resilient File System (ReFS) Deduplication Service 0.8 2 2 Windows component

Windows Routing and Remote Access Service (RRAS) 0.8 2 2 Windows component

Windows SMB Server 0.8 1 1 Windows component

Windows Search Service 0.8 3 3 Windows component

Windows Server Update Service (WSUS) 0.8 1 1 Windows component

Windows Simple Search and Discovery Protocol (SSDP) Service 0.8 1 1 Windows component

Windows Speech Runtime 0.8 2 2 Windows component

Windows State Repository API Server File 0.8 1 1 Windows component

Windows Storage Management Provider 0.8 1 1 Windows component

Windows Taskbar Live Preview 0.8 1 1 Windows component

Windows URL Parsing 0.8 1 1 Windows component

Windows USB Video Class System Driver 0.8 1 1 Windows component

Windows Virtualization-Based Security (VBS) Enclave 0.8 1 1 Windows component

Windows WLAN AutoConfig Service 0.8 1 1 Windows сomponent

.NET 0.7 1 1 .NET

Microsoft SharePoint 0.7 2 2 Microsoft SharePoint

Storage Spaces Direct 0.7 1 1 Storage Spaces Direct is a feature of Azure Stack HCI and Windows Server that enables you to cluster servers with internal storage into a software-defined storage solution

Microsoft Excel 0.6 9 9 MS Office product

Microsoft Office Visio 0.6 1 1 Microsoft Visio

Microsoft PowerPoint 0.6 1 1 Microsoft PowerPoint

Microsoft Word 0.6 2 2 Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.

Windows Hyper-V 0.6 1 1 Hardware virtualization component of the client editions of Windows NT

.NET, .NET Framework, and Visual Studio 0.5 1 1 .NET, .NET Framework, and Visual Studio

Agentic AI and Visual Studio Code 0.5 1 1 Agentic AI and Visual Studio Code

Arc Enabled Servers - Azure Connected Machine Agent 0.5 1 1 Arc Enabled Servers - Azure Connected Machine Agent

Azure Compute Gallery 0.5 1 1 Azure Compute Gallery

Azure Connected Machine Agent 0.5 1 1 Azure Connected Machine Agent

Azure Entra ID 0.5 2 2 Azure Entra ID

Azure Local 0.5 1 1 Azure Local

Azure Monitor Agent 0.5 2 2 Azure Monitor Agent

Azure Monitor Log Analytics 0.5 1 1 Azure Monitor Log Analytics

Azure PlayFab 0.5 1 1 Azure PlayFab

Confidential Azure Container Instances 0.5 1 1 Confidential Azure Container Instances

Configuration Manager 0.5 2 2 Configuration Manager

Copilot 0.5 2 2 Copilot

Data Sharing Service 0.5 1 1 Data Sharing Service

IGEL OS 0.5 1 1 IGEL OS

Inbox COM Objects (Global Memory) 0.5 8 8 Inbox COM Objects (Global Memory)

Internet Information Services (IIS) Inbox COM Objects (Global Memory) 0.5 1 1 Internet Information Services (IIS) Inbox COM Objects (Global Memory)

JDBC Driver for SQL Server 0.5 1 1 JDBC Driver for SQL Server

M365 Copilot 0.5 1 1 M365 Copilot

MITRE CVE-2016-9535: LibTIFF Heap 0.5 1 1 MITRE CVE-2016-9535: LibTIFF Heap

Microsoft Brokering File System 0.5 2 2 Microsoft Brokering File System

Microsoft Defender for Linux 0.5 1 1 Microsoft Defender for Linux

Microsoft Edge (Chromium-based) for Android 0.5 1 1 Microsoft Edge (Chromium-based) for Android

Microsoft Failover Cluster 0.5 2 2 Microsoft Failover Cluster

Microsoft Failover Cluster Virtual Driver 0.5 1 1 Microsoft Failover Cluster Virtual Driver

Microsoft Graphics Component 0.5 2 2 Microsoft Graphics Component

Microsoft PC Manager 0.5 1 1 Microsoft PC Manager

Network Connection Status Indicator (NCSI) 0.5 1 1 Network Connection Status Indicator (NCSI)

NtQueryInformation Token function (ntifs.h) 0.5 1 1 NtQueryInformation Token function (ntifs.h)

OmniParser 0.5 1 1 OmniParser

Playwright 0.5 1 1 Playwright

Redis Enterprise 0.5 1 1 Redis Enterprise

Remote Procedure Call 0.5 1 1 Remote Procedure Call

Software Protection Platform (SPP) 0.5 1 1 Software Protection Platform (SPP)

Storport.sys Driver 0.5 1 1 Storport.sys Driver

Unity Runtime 0.5 1 1 Unity Runtime

Virtual Secure Mode 0.5 1 1 Virtual Secure Mode

Xbox Gaming Services 0.5 1 1 Xbox Gaming Services

Xbox IStorageService 0.5 1 1 Xbox IStorageService

cursor 0.5 1 1 Product detected by a:anysphere:cursor (does NOT exist in CPE dict)

Visual Studio 0.3 1 1 Integrated development environment

Unknown Product 0 1 2 3 Unknown Product

Product Name	Prevalence	C	H	M	L	A	Comment
Windows Kernel	0.9			10		10	Windows Kernel
Windows NTLM	0.9			3		3	A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity
Windows SMB Client	0.9			1		1	Windows component
ASP.NET	0.8		1			1	An open-source, server-side web-application framework designed for web development
Chromium	0.8	1	2	14	6	23	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Desktop Windows Manager	0.8			1		1	Windows component
DirectX Graphics Kernel	0.8			2		2	DirectX Graphics Kernel
Microsoft DWM Core Library	0.8			2		2	Windows component
Microsoft Edge	0.8		1			1	Web browser
Microsoft Exchange	0.8			3		3	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Microsoft Office	0.8		2	1		3	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Microsoft PowerShell	0.8			1		1	PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
Microsoft Windows File Explorer	0.8			2		2	Windows component
Windows Active Directory Federation Services (ADFS)	0.8			1		1	Windows component
Windows Agere Modem Driver	0.8	1	1			2	Windows component
Windows Ancillary Function Driver for WinSock	0.8			2		2	Windows component
Windows Authentication	0.8			4		4	Windows component
Windows BitLocker	0.8			6		6	Windows component
Windows Bluetooth Service	0.8			4		4	Windows component
Windows COM+ Event System Service	0.8			1		1	Windows component
Windows Cloud Files Mini Filter Driver	0.8			2		2	Windows component
Windows Connected Devices Platform Service	0.8			3		3	Windows component
Windows Connected Devices Platform Service (Cdpsvc)	0.8		1			1	Windows component
Windows Cryptographic Services	0.8			1		1	Windows component
Windows DWM Core Library	0.8			1		1	Windows component
Windows Device Association Broker Service	0.8			2		2	Windows component
Windows Digital Media	0.8			2		2	Windows component
Windows ETL Channel	0.8			1		1	Windows component
Windows Error Reporting Service	0.8			2		2	Windows component
Windows Graphics Component	0.8			4		4	Windows component
Windows Health and Optimized Experiences	0.8			1		1	Windows component
Windows Hello	0.8			1		1	Windows component
Windows Local Session Manager (LSM)	0.8			3		3	Windows component
Windows Management Services	0.8			2		2	Windows component
Windows MapUrlToZone	0.8			1		1	Windows component
Windows NTFS	0.8			1		1	The default file system of the Windows NT family
Windows Network Driver Interface Specification Driver	0.8			1		1	Windows component
Windows PrintWorkflowUserSvc	0.8			8		8	Windows component
Windows Push Notification	0.8			2		2	Windows component
Windows Remote Access Connection Manager	0.8	1				1	Windows component
Windows Remote Desktop	0.8			1		1	Windows component
Windows Remote Desktop Client	0.8		1			1	Remote Desktop Protocol Client
Windows Remote Desktop Protocol	0.8			1		1	Windows component
Windows Remote Desktop Services	0.8			1		1	Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection
Windows Resilient File System (ReFS)	0.8			1		1	Windows component
Windows Resilient File System (ReFS) Deduplication Service	0.8			2		2	Windows component
Windows Routing and Remote Access Service (RRAS)	0.8			2		2	Windows component
Windows SMB Server	0.8			1		1	Windows component
Windows Search Service	0.8			3		3	Windows component
Windows Server Update Service (WSUS)	0.8		1			1	Windows component
Windows Simple Search and Discovery Protocol (SSDP) Service	0.8			1		1	Windows component
Windows Speech Runtime	0.8			2		2	Windows component
Windows State Repository API Server File	0.8			1		1	Windows component
Windows Storage Management Provider	0.8			1		1	Windows component
Windows Taskbar Live Preview	0.8			1		1	Windows component
Windows URL Parsing	0.8		1			1	Windows component
Windows USB Video Class System Driver	0.8			1		1	Windows component
Windows Virtualization-Based Security (VBS) Enclave	0.8			1		1	Windows component
Windows WLAN AutoConfig Service	0.8			1		1	Windows сomponent
.NET	0.7			1		1	.NET
Microsoft SharePoint	0.7		2			2	Microsoft SharePoint
Storage Spaces Direct	0.7			1		1	Storage Spaces Direct is a feature of Azure Stack HCI and Windows Server that enables you to cluster servers with internal storage into a software-defined storage solution
Microsoft Excel	0.6			9		9	MS Office product
Microsoft Office Visio	0.6			1		1	Microsoft Visio
Microsoft PowerPoint	0.6			1		1	Microsoft PowerPoint
Microsoft Word	0.6			2		2	Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
Windows Hyper-V	0.6			1		1	Hardware virtualization component of the client editions of Windows NT
.NET, .NET Framework, and Visual Studio	0.5			1		1	.NET, .NET Framework, and Visual Studio
Agentic AI and Visual Studio Code	0.5			1		1	Agentic AI and Visual Studio Code
Arc Enabled Servers - Azure Connected Machine Agent	0.5			1		1	Arc Enabled Servers - Azure Connected Machine Agent
Azure Compute Gallery	0.5			1		1	Azure Compute Gallery
Azure Connected Machine Agent	0.5			1		1	Azure Connected Machine Agent
Azure Entra ID	0.5			2		2	Azure Entra ID
Azure Local	0.5			1		1	Azure Local
Azure Monitor Agent	0.5			2		2	Azure Monitor Agent
Azure Monitor Log Analytics	0.5			1		1	Azure Monitor Log Analytics
Azure PlayFab	0.5			1		1	Azure PlayFab
Confidential Azure Container Instances	0.5			1		1	Confidential Azure Container Instances
Configuration Manager	0.5			2		2	Configuration Manager
Copilot	0.5			2		2	Copilot
Data Sharing Service	0.5			1		1	Data Sharing Service
IGEL OS	0.5	1				1	IGEL OS
Inbox COM Objects (Global Memory)	0.5			8		8	Inbox COM Objects (Global Memory)
Internet Information Services (IIS) Inbox COM Objects (Global Memory)	0.5			1		1	Internet Information Services (IIS) Inbox COM Objects (Global Memory)
JDBC Driver for SQL Server	0.5			1		1	JDBC Driver for SQL Server
M365 Copilot	0.5			1		1	M365 Copilot
MITRE CVE-2016-9535: LibTIFF Heap	0.5			1		1	MITRE CVE-2016-9535: LibTIFF Heap
Microsoft Brokering File System	0.5			2		2	Microsoft Brokering File System
Microsoft Defender for Linux	0.5			1		1	Microsoft Defender for Linux
Microsoft Edge (Chromium-based) for Android	0.5			1		1	Microsoft Edge (Chromium-based) for Android
Microsoft Failover Cluster	0.5			2		2	Microsoft Failover Cluster
Microsoft Failover Cluster Virtual Driver	0.5			1		1	Microsoft Failover Cluster Virtual Driver
Microsoft Graphics Component	0.5			2		2	Microsoft Graphics Component
Microsoft PC Manager	0.5			1		1	Microsoft PC Manager
Network Connection Status Indicator (NCSI)	0.5			1		1	Network Connection Status Indicator (NCSI)
NtQueryInformation Token function (ntifs.h)	0.5			1		1	NtQueryInformation Token function (ntifs.h)
OmniParser	0.5			1		1	OmniParser
Playwright	0.5			1		1	Playwright
Redis Enterprise	0.5			1		1	Redis Enterprise
Remote Procedure Call	0.5			1		1	Remote Procedure Call
Software Protection Platform (SPP)	0.5			1		1	Software Protection Platform (SPP)
Storport.sys Driver	0.5			1		1	Storport.sys Driver
Unity Runtime	0.5		1			1	Unity Runtime
Virtual Secure Mode	0.5			1		1	Virtual Secure Mode
Xbox Gaming Services	0.5			1		1	Xbox Gaming Services
Xbox IStorageService	0.5			1		1	Xbox IStorageService
cursor	0.5				1	1	Product detected by a:anysphere:cursor (does NOT exist in CPE dict)
Visual Studio	0.3			1		1	Integrated development environment
Unknown Product	0			1	2	3	Unknown Product

Vulnerability Types

Vulnerability Type Criticality U C H M L A

Remote Code Execution 1.0 10 23 33

Authentication Bypass 0.98 1 2 3

Security Feature Bypass 0.9 1 2 9 12

Elevation of Privilege 0.85 2 1 84 87

Information Disclosure 0.83 28 28

Denial of Service 0.7 11 11

Incorrect Calculation 0.5 2 1 3

Memory Corruption 0.5 1 11 1 13

Spoofing 0.4 15 15

Tampering 0.3 1 1

Unknown Vulnerability Type 0 7 7

Vulnerability Type	Criticality	C	H	M	L	A
Remote Code Execution	1.0		10	23		33
Authentication Bypass	0.98		1	2		3
Security Feature Bypass	0.9	1	2	9		12
Elevation of Privilege	0.85	2	1	84		87
Information Disclosure	0.83			28		28
Denial of Service	0.7			11		11
Incorrect Calculation	0.5			2	1	3
Memory Corruption	0.5	1		11	1	13
Spoofing	0.4			15		15
Tampering	0.3			1		1
Unknown Vulnerability Type	0				7	7

Comments

Source U C H M L A

MS PT Extended 1 4 30 6 41

Qualys 3 4 18 1 26

Tenable 2 4 1 7

Rapid7

ZDI 3 1 4

Source	C	H	M	L	A
MS PT Extended	1	4	30	6	41
Qualys	3	4	18	1	26
Tenable	2	4	1		7
Rapid7
ZDI	3	1			4

Vulnerabilities

Urgent (0)

Critical (4)

1. Security Feature Bypass - IGEL OS (CVE-2025-47827) - Critical [720]

Description: In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned on Microsoft website
Exploit Exists	1.0	17	The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ZEDELDI:CVE-2025-47827 website
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.5	14	IGEL OS
CVSS Base Score	0.5	10	CVSS Base Score is 4.6. According to Microsoft data source
EPSS Percentile	0.0	10	EPSS Probability is 6e-05, EPSS Percentile is 0.00244

Qualys: CVE-2025-47827: MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 Microsoft describes, “In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. A crafted root filesystem can be mounted from an unverified SquashFS image.”

ZDI: CVE-2025-47827 - MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11. This one is a bit of an odd duck, but I’m fascinated by it. IGEL is a Linux-based OS designed to be app centric and modular. According to the vendor, apps can be delivered irrespective of the underlying OS. If anything, that makes this even more intriguing. Somehow, an attacker was able to get physical access to a device in this configuration and bypass the secure boot feature to gain access. Marvelous. I would suspect this to be an extremely targeted attack, but this impacts all supported versions of Windows, so don’t sleep on the patch.

2. Elevation of Privilege - Windows Agere Modem Driver (CVE-2025-24990) - Critical [716]

Description: Windows Agere Modem Driver Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned on Microsoft website
Exploit Exists	0.6	17	The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability The Windows Agere Modem Driver is a software component that allows a computer to communicate with an Agere (or LSI) modem, often a dial-up or fax modem integrated into older computers. The vulnerability exists in the third-party Agere Modem driver that ships natively with supported Windows operating systems. The driver has been removed in the October cumulative update. Successful exploitation of the vulnerability may allow an attacker to gain administrator privileges. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before November 4, 2025.

Tenable: Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

Tenable: CVE-2025-24052 and CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerabilities

Tenable: CVE-2025-24052 and CVE-2025-24990 are EoP vulnerabilities in the third party Agere Modem driver. Both CVEs were assigned CVSSv3 scores of 7.8 and rated as important. Microsoft reports that CVE-2025-24990 has been exploited in the wild and CVE-2025-24052 was disclosed prior to a patch being made available. Successful exploitation would allow an attacker to gain administrator privileges on an affected system.

ZDI: CVE-2025-24990 - Windows Agere Modem Driver Elevation of Privilege Vulnerability. This bug allows attackers to elevate to administrative privileges on systems where the Agere modem drivers are installed. The problem is that these drivers ship natively on supported Windows versions. Since these are legacy drivers, the solution is to remove the offending files. Microsoft gives no indication of how widespread these attacks are, but considering the vulnerable files are on all Windows systems, you should treat this as a broad attack and update quickly.

3. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2025-59230) - Critical [716]

Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned on Microsoft website
Exploit Exists	0.6	17	The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-59230: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager (RASMan) is a core Windows service that manages dial-up and Virtual Private Network (VPN) connections, allowing your computer to connect to remote networks securely. An improper access control flaw in Windows Remote Access Connection Manager may allow an authenticated attacker to elevate privileges locally. Upon successful exploitation of the vulnerability, an attacker could gain SYSTEM privileges. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before November 4, 2025.

Tenable: Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

Tenable: CVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Tenable: CVE-2025-59230 is an EoP vulnerability affecting Windows Remote Access Connection Manager. According to Microsoft, this vulnerability has been exploited in the wild. It was assigned a CVSSv3 score of 7.8 and is rated as important. Exploitation of this vulnerability involves improper access control in Windows Remote Access Connection Manager and could allow a local attacker to gain SYSTEM privileges.

Tenable: Including CVE-2025-59230, there have been 22 reported and patched vulnerabilities for the Windows Remote Access Connection Manager service (RasMan) since January 2022. CVE-2025-59230 is the first reported RasMan CVE to be exploited as a zero-day.

ZDI: CVE-2025-59230 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This privilege escalation bug allows threat actors to execute their code as SYSTEM on an affected target. These types of bugs are often paired with a code execution bug to completely take over a system. Again, there’s no indication on how widespread these attacks may be, so test and deploy these patches rapidly – especially since all versions of Windows are impacted.

4. Memory Corruption - Chromium (CVE-2025-10585) - Critical [651]

Description: Chromium: CVE-2025-10585 Type Confusion in V8

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned on Vulners (CISA object, cisa_kev object), AttackerKB, NVD:CISAKEV websites
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Memory Corruption
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	1.0	10	CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile	0.8	10	EPSS Probability is 0.01277, EPSS Percentile is 0.78809

MS PT Extended: CVE-2025-10585 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

High (14)

5. Remote Code Execution - Unity Runtime (CVE-2025-59489) - High [571]

Description: Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	1.0	17	The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:GITHUBKILLSMYOPSEC:CVE-2025-59489-POC, Vulners:PublicExploit:GitHub:ADRIIANFDZ:EXPLOIT-CVE-2025-59489, Vulners:PublicExploit:GitHub:TAPTAP:CVE-2025-59489 websites
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.5	14	Unity Runtime
CVSS Base Score	0.8	10	CVSS Base Score is 8.4. According to Microsoft data source
EPSS Percentile	0.1	10	EPSS Probability is 0.00027, EPSS Percentile is 0.06146

MS PT Extended: CVE-2025-59489 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

6. Elevation of Privilege - Windows Agere Modem Driver (CVE-2025-24052) - High [461]

Description: Windows Agere Modem Driver Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0.4	17	The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-24052: Windows Agere Modem Driver Elevation of Privilege Vulnerability The vulnerability exists in the third-party Agere Modem driver that ships natively with supported Windows operating systems. The driver has been removed in the October cumulative update. Successful exploitation of the vulnerability may allow an attacker to gain administrator privileges.

Tenable: CVE-2025-24052 and CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerabilities

Tenable: CVE-2025-24052 and CVE-2025-24990 are EoP vulnerabilities in the third party Agere Modem driver. Both CVEs were assigned CVSSv3 scores of 7.8 and rated as important. Microsoft reports that CVE-2025-24990 has been exploited in the wild and CVE-2025-24052 was disclosed prior to a patch being made available. Successful exploitation would allow an attacker to gain administrator privileges on an affected system.

7. Remote Code Execution - Microsoft Edge (CVE-2025-59251) - High [430]

Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Web browser
CVSS Base Score	0.8	10	CVSS Base Score is 7.6. According to Microsoft data source
EPSS Percentile	0.2	10	EPSS Probability is 0.00062, EPSS Percentile is 0.19595

MS PT Extended: CVE-2025-59251 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

8. Remote Code Execution - Windows Server Update Service (WSUS) (CVE-2025-59287) - High [430]

Description: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	1.0	10	CVSS Base Score is 9.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-59287: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Windows Server Update Service (WSUS) is a feature of Windows Server that allows IT administrators to manage the download and distribution of Microsoft product updates to computers on a local network. An unauthenticated attacker can execute code over a network by deserializing untrusted data in the Windows Server Update Service. A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.

Tenable: CVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Tenable: CVE-2025-59287 is a RCE in the Windows Server Update Service (WSUS). It was assigned a CVSSv3 score of 9.8 and rated critical. It has been assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this vulnerability to gain RCE by sending a crafted event that leads to a deserialization of untrusted data.

ZDI: CVE-2025-59287 - Windows Server Update Service (WSUS) Remote Code Execution Vulnerability. This bug is not listed as being under active attack, but I suspect it will be targeted soon. This is a CVSS 9.8 bug that allows remote, unauthenticated attackers to exploit code with elevated privileges without user interaction. That means this is wormable between affected WSUS servers. Since WSUS remains a critical piece of anyone’s infrastructure, it’s an attractive target for those looking to do harm. If you use WSUS, don’t hesitate to test and deploy this update quickly.

9. Remote Code Execution - Windows Remote Desktop Client (CVE-2025-58718) - High [419]

Description: Remote Desktop Client Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Remote Desktop Protocol Client
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

10. Remote Code Execution - Windows URL Parsing (CVE-2025-59295) - High [419]

Description: Windows URL Parsing Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

11. Authentication Bypass - Chromium (CVE-2025-10201) - High [415]

Description: Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.98	15	Authentication Bypass
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.0	10	EPSS Probability is 0.00017, EPSS Percentile is 0.02998

MS PT Extended: CVE-2025-10201 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

12. Security Feature Bypass - ASP.NET (CVE-2025-55315) - High [413]

Description: ASP.NET Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	An open-source, server-side web-application framework designed for web development
CVSS Base Score	1.0	10	CVSS Base Score is 9.9. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

13. Security Feature Bypass - Chromium (CVE-2025-10890) - High [413]

Description: Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile	0.1	10	EPSS Probability is 0.00037, EPSS Percentile is 0.1041

MS PT Extended: CVE-2025-10890 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

14. Remote Code Execution - Microsoft Office (CVE-2025-59227) - High [407]

Description: Microsoft Office Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-59227: Microsoft Office Remote Code Execution Vulnerability A use-after-free flaw in Microsoft Office could allow an unauthenticated attacker to execute code locally.

Tenable: CVE-2025-59227, CVE-2025-59234 | Microsoft Office Remote Code Execution Vulnerability

Tenable: CVE-2025-59227 and CVE-2025-59234 are RCE vulnerabilities in Microsoft Office. Both vulnerabilities were assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely.” An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.

15. Remote Code Execution - Microsoft Office (CVE-2025-59234) - High [407]

Description: Microsoft Office Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-59234: Microsoft Office Remote Code Execution Vulnerability A use-after-free flaw in Microsoft Office could allow an unauthenticated attacker to execute code locally. An attacker must send the user a malicious file and convince the user to open it.

Tenable: CVE-2025-59227, CVE-2025-59234 | Microsoft Office Remote Code Execution Vulnerability

Tenable: CVE-2025-59227 and CVE-2025-59234 are RCE vulnerabilities in Microsoft Office. Both vulnerabilities were assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely.” An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.

16. Remote Code Execution - Windows Connected Devices Platform Service (Cdpsvc) (CVE-2025-55326) - High [407]

Description: Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

17. Remote Code Execution - Microsoft SharePoint (CVE-2025-59228) - High [402]

Description: Microsoft SharePoint Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.7	14	Microsoft SharePoint
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

18. Remote Code Execution - Microsoft SharePoint (CVE-2025-59237) - High [402]

Description: Microsoft SharePoint Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.7	14	Microsoft SharePoint
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Medium (186)

19. Elevation of Privilege - Windows Kernel (CVE-2025-50152) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

20. Elevation of Privilege - Windows Kernel (CVE-2025-59187) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

21. Elevation of Privilege - Windows Kernel (CVE-2025-59207) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

22. Remote Code Execution - Windows Remote Desktop Protocol (CVE-2025-58737) - Medium [395]

Description: Remote Desktop Protocol Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

23. Elevation of Privilege - Microsoft Exchange (CVE-2025-59249) - Medium [392]

Description: Microsoft Exchange Server Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

24. Elevation of Privilege - Windows Speech Runtime (CVE-2025-58715) - Medium [392]

Description: Windows Speech Runtime Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

25. Elevation of Privilege - Windows Speech Runtime (CVE-2025-58716) - Medium [392]

Description: Windows Speech Runtime Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

26. Remote Code Execution - Agentic AI and Visual Studio Code (CVE-2025-55319) - Medium [392]

Description: Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.5	14	Agentic AI and Visual Studio Code
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0.2	10	EPSS Probability is 0.0008, EPSS Percentile is 0.244

MS PT Extended: CVE-2025-55319 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

27. Authentication Bypass - Windows Remote Desktop (CVE-2025-55340) - Medium [391]

Description: Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.98	15	Authentication Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

28. Elevation of Privilege - Azure Entra ID (CVE-2025-59246) - Medium [389]

Description: Azure Entra ID Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.5	14	Azure Entra ID
CVSS Base Score	1.0	10	CVSS Base Score is 9.8. According to Microsoft data source
EPSS Percentile	0.3	10	EPSS Probability is 0.00089, EPSS Percentile is 0.26207

MS PT Extended: CVE-2025-59246 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

Qualys: CVE-2025-59246: Azure Entra ID Elevation of Privilege Vulnerability Successful exploitation of the vulnerability may allow an attacker to elevate privileges.

29. Security Feature Bypass - Windows Hello (CVE-2025-53139) - Medium [389]

Description: Windows Hello Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.7. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

30. Elevation of Privilege - Windows Kernel (CVE-2025-55693) - Medium [385]

Description: Windows Kernel Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.7	10	CVSS Base Score is 7.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

31. Elevation of Privilege - Windows Kernel (CVE-2025-59194) - Medium [385]

Description: Windows Kernel Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

32. Security Feature Bypass - Windows Kernel (CVE-2025-55334) - Medium [382]

Description: Windows Kernel Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.6	10	CVSS Base Score is 6.2. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

33. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-58722) - Medium [380]

Description: Microsoft DWM Core Library Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

34. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-59254) - Medium [380]

Description: Microsoft DWM Core Library Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

35. Elevation of Privilege - Microsoft Exchange (CVE-2025-53782) - Medium [380]

Description: Microsoft Exchange Server Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
CVSS Base Score	0.8	10	CVSS Base Score is 8.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

36. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-58714) - Medium [380]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

37. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-59242) - Medium [380]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

38. Elevation of Privilege - Windows Authentication (CVE-2025-55701) - Medium [380]

Description: Windows Authentication Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

39. Elevation of Privilege - Windows Authentication (CVE-2025-59275) - Medium [380]

Description: Windows Authentication Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

40. Elevation of Privilege - Windows Authentication (CVE-2025-59277) - Medium [380]

Description: Windows Authentication Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

41. Elevation of Privilege - Windows Authentication (CVE-2025-59278) - Medium [380]

Description: Windows Authentication Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

42. Elevation of Privilege - Windows Bluetooth Service (CVE-2025-58728) - Medium [380]

Description: Windows Bluetooth Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

43. Elevation of Privilege - Windows Bluetooth Service (CVE-2025-59220) - Medium [380]

Description: Windows Bluetooth Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0.1	10	EPSS Probability is 0.00041, EPSS Percentile is 0.12076

MS PT Extended: CVE-2025-59220 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

44. Elevation of Privilege - Windows Bluetooth Service (CVE-2025-59290) - Medium [380]

Description: Windows Bluetooth Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

45. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2025-55680) - Medium [380]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

Tenable: CVE-2025-55680 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Tenable: CVE-2025-55680 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8, rated important and assessed as “Exploitation More Likely.” A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation would allow the attacker to elevate to SYSTEM privileges.

46. Elevation of Privilege - Windows Connected Devices Platform Service (CVE-2025-59191) - Medium [380]

Description: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

47. Elevation of Privilege - Windows DWM Core Library (CVE-2025-59255) - Medium [380]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

48. Elevation of Privilege - Windows Device Association Broker Service (CVE-2025-55677) - Medium [380]

Description: Windows Device Association Broker Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

49. Elevation of Privilege - Windows Digital Media (CVE-2025-50175) - Medium [380]

Description: Windows Digital Media Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

50. Elevation of Privilege - Windows Digital Media (CVE-2025-53150) - Medium [380]

Description: Windows Digital Media Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

51. Elevation of Privilege - Windows Error Reporting Service (CVE-2025-55692) - Medium [380]

Description: Windows Error Reporting Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

52. Elevation of Privilege - Windows Error Reporting Service (CVE-2025-55694) - Medium [380]

Description: Windows Error Reporting Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

53. Elevation of Privilege - Windows Graphics Component (CVE-2025-59215) - Medium [380]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0.1	10	EPSS Probability is 0.00045, EPSS Percentile is 0.13615

MS PT Extended: CVE-2025-59215 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

54. Elevation of Privilege - Windows Graphics Component (CVE-2025-59216) - Medium [380]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0.1	10	EPSS Probability is 0.00041, EPSS Percentile is 0.12076

MS PT Extended: CVE-2025-59216 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

55. Elevation of Privilege - Windows Health and Optimized Experiences (CVE-2025-59241) - Medium [380]

Description: Windows Health and Optimized Experiences Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

56. Elevation of Privilege - Windows Network Driver Interface Specification Driver (CVE-2025-55339) - Medium [380]

Description: Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

57. Elevation of Privilege - Windows SMB Server (CVE-2025-58726) - Medium [380]

Description: Windows SMB Server Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

58. Remote Code Execution - OmniParser (CVE-2025-55322) - Medium [380]

Description: OmniParser Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.5	14	OmniParser
CVSS Base Score	0.7	10	CVSS Base Score is 7.3. According to Microsoft data source
EPSS Percentile	0.3	10	EPSS Probability is 0.00084, EPSS Percentile is 0.2537

MS PT Extended: CVE-2025-55322 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

59. Elevation of Privilege - Azure Entra ID (CVE-2025-59218) - Medium [377]

Description: Azure Entra ID Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.5	14	Azure Entra ID
CVSS Base Score	1.0	10	CVSS Base Score is 9.6. According to Microsoft data source
EPSS Percentile	0.2	10	EPSS Probability is 0.00074, EPSS Percentile is 0.22985

MS PT Extended: CVE-2025-59218 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

60. Information Disclosure - Windows Cryptographic Services (CVE-2025-58720) - Medium [376]

Description: Windows Cryptographic Services Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

61. Remote Code Execution - Microsoft Excel (CVE-2025-59223) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

62. Remote Code Execution - Microsoft Excel (CVE-2025-59224) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

63. Remote Code Execution - Microsoft Excel (CVE-2025-59225) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

64. Remote Code Execution - Microsoft Excel (CVE-2025-59231) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

65. Remote Code Execution - Microsoft Excel (CVE-2025-59233) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

66. Remote Code Execution - Microsoft Excel (CVE-2025-59236) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 8.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-59236: Microsoft Excel Remote Code Execution Vulnerability A use-after-free flaw in Microsoft Office could allow an unauthenticated attacker to execute code locally.

67. Remote Code Execution - Microsoft Excel (CVE-2025-59243) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	MS Office product
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

68. Remote Code Execution - Microsoft Office Visio (CVE-2025-59226) - Medium [373]

Description: Microsoft Office Visio Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	Microsoft Visio
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

69. Remote Code Execution - Microsoft PowerPoint (CVE-2025-59238) - Medium [373]

Description: Microsoft PowerPoint Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	Microsoft PowerPoint
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

70. Remote Code Execution - Microsoft Word (CVE-2025-59222) - Medium [373]

Description: Microsoft Word Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

71. Information Disclosure - Windows Kernel (CVE-2025-55683) - Medium [369]

Description: Windows Kernel Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

72. Information Disclosure - Windows Kernel (CVE-2025-55699) - Medium [369]

Description: Windows Kernel Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

73. Information Disclosure - Windows Kernel (CVE-2025-59186) - Medium [369]

Description: Windows Kernel Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

74. Elevation of Privilege - Desktop Windows Manager (CVE-2025-55681) - Medium [368]

Description: Desktop Windows Manager Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

75. Elevation of Privilege - DirectX Graphics Kernel (CVE-2025-55678) - Medium [368]

Description: DirectX Graphics Kernel Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	DirectX Graphics Kernel
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

76. Elevation of Privilege - Microsoft PowerShell (CVE-2025-25004) - Medium [368]

Description: PowerShell Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
CVSS Base Score	0.7	10	CVSS Base Score is 7.3. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

77. Elevation of Privilege - Windows Bluetooth Service (CVE-2025-59289) - Medium [368]

Description: Windows Bluetooth Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

78. Elevation of Privilege - Windows COM+ Event System Service (CVE-2025-58725) - Medium [368]

Description: Windows COM+ Event System Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

79. Elevation of Privilege - Windows Connected Devices Platform Service (CVE-2025-58727) - Medium [368]

Description: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

80. Elevation of Privilege - Windows Device Association Broker Service (CVE-2025-50174) - Medium [368]

Description: Windows Device Association Broker Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

81. Elevation of Privilege - Windows Graphics Component (CVE-2025-59205) - Medium [368]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

82. Elevation of Privilege - Windows Graphics Component (CVE-2025-59261) - Medium [368]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

83. Elevation of Privilege - Windows Management Services (CVE-2025-59193) - Medium [368]

Description: Windows Management Services Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

84. Elevation of Privilege - Windows NTFS (CVE-2025-55335) - Medium [368]

Description: Windows NTFS Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	The default file system of the Windows NT family
CVSS Base Score	0.7	10	CVSS Base Score is 7.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

85. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55331) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

86. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55684) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

87. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55685) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

88. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55686) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

89. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55688) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

90. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55689) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

91. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55690) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

92. Elevation of Privilege - Windows PrintWorkflowUserSvc (CVE-2025-55691) - Medium [368]

Description: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

93. Elevation of Privilege - Windows Remote Desktop Services (CVE-2025-59202) - Medium [368]

Description: Windows Remote Desktop Services Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

94. Elevation of Privilege - Windows Resilient File System (ReFS) (CVE-2025-55687) - Medium [368]

Description: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

95. Elevation of Privilege - Windows Resilient File System (ReFS) Deduplication Service (CVE-2025-59206) - Medium [368]

Description: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

96. Elevation of Privilege - Windows Resilient File System (ReFS) Deduplication Service (CVE-2025-59210) - Medium [368]

Description: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.4. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

97. Elevation of Privilege - Windows Simple Search and Discovery Protocol (SSDP) Service (CVE-2025-59196) - Medium [368]

Description: Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

98. Elevation of Privilege - Windows Virtualization-Based Security (VBS) Enclave (CVE-2025-53717) - Medium [368]

Description: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

99. Elevation of Privilege - Azure PlayFab (CVE-2025-59247) - Medium [366]

Description: Azure PlayFab Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.5	14	Azure PlayFab
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile	0.2	10	EPSS Probability is 0.00077, EPSS Percentile is 0.23644

MS PT Extended: CVE-2025-59247 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

100. Elevation of Privilege - Redis Enterprise (CVE-2025-59271) - Medium [366]

Description: Redis Enterprise Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.5	14	Redis Enterprise
CVSS Base Score	0.9	10	CVSS Base Score is 8.7. According to Microsoft data source
EPSS Percentile	0.2	10	EPSS Probability is 0.00063, EPSS Percentile is 0.19723

MS PT Extended: CVE-2025-59271 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

101. Memory Corruption - Chromium (CVE-2025-10200) - Medium [365]

Description: Chromium: CVE-2025-10200 Use after free in Serviceworker

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Memory Corruption
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.3	10	EPSS Probability is 0.00119, EPSS Percentile is 0.31551

MS PT Extended: CVE-2025-10200 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

102. Memory Corruption - Chromium (CVE-2025-10500) - Medium [365]

Description: Chromium: CVE-2025-10500 Use after free in Dawn

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Memory Corruption
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.3	10	EPSS Probability is 0.00109, EPSS Percentile is 0.29963

MS PT Extended: CVE-2025-10500 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

103. Memory Corruption - Chromium (CVE-2025-10501) - Medium [365]

Description: Chromium: CVE-2025-10501 Use after free in WebRTC

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Memory Corruption
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.3	10	EPSS Probability is 0.00101, EPSS Percentile is 0.2849

MS PT Extended: CVE-2025-10501 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

104. Security Feature Bypass - Windows BitLocker (CVE-2025-55330) - Medium [365]

Description: Windows BitLocker Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

105. Security Feature Bypass - Windows BitLocker (CVE-2025-55332) - Medium [365]

Description: Windows BitLocker Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

106. Security Feature Bypass - Windows BitLocker (CVE-2025-55333) - Medium [365]

Description: Windows BitLocker Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

107. Security Feature Bypass - Windows BitLocker (CVE-2025-55337) - Medium [365]

Description: Windows BitLocker Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

108. Security Feature Bypass - Windows BitLocker (CVE-2025-55338) - Medium [365]

Description: Windows BitLocker Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

109. Security Feature Bypass - Windows BitLocker (CVE-2025-55682) - Medium [365]

Description: Windows BitLocker Security Feature Bypass Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.9	15	Security Feature Bypass
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

110. Information Disclosure - Windows MapUrlToZone (CVE-2025-59208) - Medium [364]

Description: Windows MapUrlToZone Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 7.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

111. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-55700) - Medium [364]

Description: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

112. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-58717) - Medium [364]

Description: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.7	10	CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

113. Remote Code Execution - Microsoft Word (CVE-2025-59221) - Medium [361]

Description: Microsoft Word Remote Code Execution Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.6	14	Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
CVSS Base Score	0.7	10	CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

114. Information Disclosure - Windows Kernel (CVE-2025-55679) - Medium [357]

Description: Windows Kernel Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.9	14	Windows Kernel
CVSS Base Score	0.5	10	CVSS Base Score is 5.1. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

115. Elevation of Privilege - Microsoft Graphics Component (CVE-2025-49708) - Medium [354]

Description: Microsoft Graphics Component Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.5	14	Microsoft Graphics Component
CVSS Base Score	1.0	10	CVSS Base Score is 9.9. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2025-49708: Windows Graphics Component Remote Code Execution Vulnerability A use-after-free flaw in Microsoft Graphics Component could allow an authenticated attacker to execute code over a network. Upon successful exploitation of the vulnerability, an attacker could gain SYSTEM privileges.

116. Denial of Service - DirectX Graphics Kernel (CVE-2025-55698) - Medium [353]

Description: DirectX Graphics Kernel Denial of Service Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.7	15	Denial of Service
Vulnerable Product is Common	0.8	14	DirectX Graphics Kernel
CVSS Base Score	0.8	10	CVSS Base Score is 7.7. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

117. Incorrect Calculation - Chromium (CVE-2025-10891) - Medium [353]

Description: Chromium: CVE-2025-10891 Integer overflow in V8

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Incorrect Calculation
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.2	10	EPSS Probability is 0.0008, EPSS Percentile is 0.24527

MS PT Extended: CVE-2025-10891 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

118. Incorrect Calculation - Chromium (CVE-2025-10892) - Medium [353]

Description: Chromium: CVE-2025-10892 Integer overflow in V8

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Incorrect Calculation
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.2	10	EPSS Probability is 0.0008, EPSS Percentile is 0.24527

MS PT Extended: CVE-2025-10892 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

119. Memory Corruption - Chromium (CVE-2025-10502) - Medium [353]

Description: Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.5	15	Memory Corruption
Vulnerable Product is Common	0.8	14	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score	0.9	10	CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile	0.2	10	EPSS Probability is 0.00074, EPSS Percentile is 0.2284

MS PT Extended: CVE-2025-10502 was published before October 2025 Patch Tuesday from 2025-09-10 to 2025-10-13

120. Information Disclosure - Windows Active Directory Federation Services (ADFS) (CVE-2025-59258) - Medium [352]

Description: Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 6.2. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

121. Information Disclosure - Windows Cloud Files Mini Filter Driver (CVE-2025-55336) - Medium [352]

Description: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

122. Information Disclosure - Windows ETL Channel (CVE-2025-59197) - Medium [352]

Description: Windows ETL Channel Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

123. Information Disclosure - Windows Management Services (CVE-2025-59204) - Medium [352]

Description: Windows Management Services Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

124. Information Disclosure - Windows Push Notification (CVE-2025-59209) - Medium [352]

Description: Windows Push Notification Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

125. Information Disclosure - Windows Push Notification (CVE-2025-59211) - Medium [352]

Description: Windows Push Notification Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

126. Information Disclosure - Windows State Repository API Server File (CVE-2025-59203) - Medium [352]

Description: Windows State Repository API Server File Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

127. Information Disclosure - Windows Storage Management Provider (CVE-2025-55325) - Medium [352]

Description: Windows Storage Management Provider Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

128. Information Disclosure - Windows USB Video Class System Driver (CVE-2025-55676) - Medium [352]

Description: Windows USB Video Class System Driver Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows component
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-48004 is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55676 is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space. CVE-2025-55681 is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges. CVE-2025-58722 is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges. CVE-2025-59199 is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally. CVE-2025-55680 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges. CVE-2025-55692 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-55693 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user. CVE-2025-55694 is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges. CVE-2025-59194 is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally. CVE-2025-59502 is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.

129. Information Disclosure - Windows WLAN AutoConfig Service (CVE-2025-55695) - Medium [352]

Description: Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.83	15	Information Disclosure
Vulnerable Product is Common	0.8	14	Windows сomponent
CVSS Base Score	0.6	10	CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

130. Elevation of Privilege - .NET (CVE-2025-55247) - Medium [351]

Description: .NET Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.7	14	.NET
CVSS Base Score	0.7	10	CVSS Base Score is 7.3. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

131. Elevation of Privilege - Windows Hyper-V (CVE-2025-55328) - Medium [347]

Description: Windows Hyper-V Elevation of Privilege Vulnerability

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.85	15	Elevation of Privilege
Vulnerable Product is Common	0.6	14	Hardware virtualization component of the client editions of Windows NT
CVSS Base Score	0.8	10	CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile	0	10	EPSS Probability is 0, EPSS Percentile is 0

132. Remote Code Execution - Inbox COM Objects (Global Memory) (CVE-2025-58730) - Medium [345]