Common Vulnerabilities and Exposures (CVE)
CVE-2025-59252
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-59497
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-59289
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-59285
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59275
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59261
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59260
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.
CVE-2025-59253
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59230
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.