Common Vulnerabilities and Exposures (CVE)
CVE-2025-64666
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-64667
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64658
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-62573
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-62572
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVE-2025-62571
Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-62564
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62563
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62562
Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
CVE-2025-62561
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62549
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-62473
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-62472
Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-62470
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62469
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.