Common Vulnerabilities and Exposures (CVE)
CVE-2025-29830
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29829
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVE-2025-26685
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2025-27488
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
CVE-2025-26677
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVE-2025-32709
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-33072
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVE-2025-32706
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-32703
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVE-2025-32701
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-30400
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-29826
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2025-30393
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-27468
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2025-30387
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.