Common Vulnerabilities and Exposures (CVE)
CVE-2025-59503
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-59273
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-59286
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55321
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59272
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59252
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59497
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-59289
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-59285
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.