Today’s Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical.
Notable Vulnerabilities:
CVE-2025-62215: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more complex attack chain; however, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities.
CVE-2025-60274: A critical GDI+ remote execution vulnerability. GDI+ parses various graphics files. The attack surface is likely huge, as anything in Windows (Browsers, email, and Office Documents) will use this library at some point to display images. We also have a critical vulnerability in Direct-X CVE-2025-60716. Microsoft classifies this as a privilege escalation issue, yet still rates it as critical.
CVE-2025-62199: A code execution vulnerability in Microsoft Office. Another component with a huge attack surface that is often exploited.
Given the number and type of vulnerabilities, I would consider this patch Tuesday “lighter than normal”. There are no “Patch Now” vulnerabilities, and I suggest applying these vulnerabilities in accordance with your vulnerability management program.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | |||||||
| CVE-2025-62222 | No | No | – | – | Important | 8.8 | 7.7 |
| An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). | |||||||
| CVE-2025-60753 | No | No | – | – | Moderate | 5.5 | 5.2 |
| Azure Monitor Agent Remote Code Execution Vulnerability | |||||||
| CVE-2025-59504 | No | No | – | – | Important | 7.3 | 6.4 |
| Configuration Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47179 | No | No | – | – | Important | 6.7 | 5.8 |
| Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59512 | No | No | – | – | Important | 7.8 | 6.8 |
| DirectX Graphics Kernel Denial of Service Vulnerability | |||||||
| CVE-2025-60723 | No | No | – | – | Important | 6.3 | 5.5 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59506 | No | No | – | – | Important | 7.0 | 6.1 |
| CVE-2025-60716 | No | No | – | – | Critical | 7.0 | 6.1 |
| Dynamics 365 Field Service (online) Spoofing Vulnerability | |||||||
| CVE-2025-62210 | No | No | – | – | Important | 8.7 | 7.6 |
| CVE-2025-62211 | No | No | – | – | Important | 8.7 | 7.6 |
| GDI+ Remote Code Execution Vulnerability | |||||||
| CVE-2025-60724 | No | No | – | – | Critical | 9.8 | 8.5 |
| GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | |||||||
| CVE-2025-62453 | No | No | – | – | Important | 5.0 | 4.4 |
| Host Process for Windows Tasks Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60710 | No | No | – | – | Important | 7.8 | 6.8 |
| KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer | |||||||
| CVE-2025-64432 | No | No | – | – | Moderate | 4.7 | 4.5 |
| KubeVirt Arbitrary Container File Read | |||||||
| CVE-2025-64433 | No | No | – | – | Moderate | 6.5 | 6.2 |
| KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes | |||||||
| CVE-2025-64436 | No | No | – | – | Moderate | ||
| KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing | |||||||
| CVE-2025-64434 | No | No | – | – | Moderate | 4.7 | 4.5 |
| KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes | |||||||
| CVE-2025-64437 | No | No | – | – | Moderate | 5.0 | 4.7 |
| KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation | |||||||
| CVE-2025-64435 | No | No | – | – | Moderate | 5.3 | 5.0 |
| Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 | |||||||
| CVE-2025-12863 | No | No | – | – | Important | 7.5 | 7.1 |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||||
| CVE-2025-62206 | No | No | – | – | Important | 6.5 | 5.7 |
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2025-60726 | No | No | – | – | Important | 7.1 | 6.2 |
| CVE-2025-60728 | No | No | – | – | Important | 4.3 | 3.8 |
| CVE-2025-59240 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-62202 | No | No | – | – | Important | 7.1 | 6.2 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-60727 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-62200 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-62201 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-62203 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-62199 | No | No | – | – | Critical | 7.8 | 6.8 |
| CVE-2025-62216 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-62205 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft OneDrive for Android Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60722 | No | No | – | – | Important | 6.5 | 5.7 |
| Microsoft SQL Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59499 | No | No | – | – | Important | 8.8 | 7.7 |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-62204 | No | No | – | – | Important | 8.0 | 7.0 |
| Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59514 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | |||||||
| CVE-2025-62449 | No | No | – | – | Important | 6.8 | 5.9 |
| Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62218 | No | No | – | – | Important | 7.0 | 6.1 |
| CVE-2025-62219 | No | No | – | – | Important | 7.0 | 6.1 |
| Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60707 | No | No | – | – | Important | 7.8 | 6.8 |
| Nuance PowerScribe 360 Information Disclosure Vulnerability | |||||||
| CVE-2025-30398 | No | No | – | – | Critical | 8.1 | 7.1 |
| Storvsp.sys Driver Denial of Service Vulnerability | |||||||
| CVE-2025-60708 | No | No | – | – | Important | 6.5 | 5.7 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2025-62214 | No | No | – | – | Critical | 6.7 | 5.8 |
| Windows Administrator Protection Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60718 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-60721 | No | No | – | – | Important | 7.8 | 6.9 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60719 | No | No | – | – | Important | 7.0 | 6.1 |
| CVE-2025-62217 | No | No | – | – | Important | 7.0 | 6.1 |
| CVE-2025-62213 | No | No | – | – | Important | 7.0 | 6.1 |
| Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-59513 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59515 | No | No | – | – | Important | 7.0 | 6.1 |
| CVE-2025-60717 | No | No | – | – | Important | 7.0 | 6.1 |
| Windows Client-Side Caching Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60705 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60709 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Hyper-V Information Disclosure Vulnerability | |||||||
| CVE-2025-60706 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60704 | No | No | – | – | Important | 7.5 | 6.5 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62215 | No | Yes | – | – | Important | 7.0 | 6.5 |
| Windows License Manager Information Disclosure Vulnerability | |||||||
| CVE-2025-62208 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-62209 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows OLE Remote Code Execution Vulnerability | |||||||
| CVE-2025-60714 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Remote Desktop Services Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60703 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability | |||||||
| CVE-2025-59510 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60713 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||||
| CVE-2025-62452 | No | No | – | – | Important | 8.0 | 7.0 |
| CVE-2025-60715 | No | No | – | – | Important | 8.0 | 7.0 |
| Windows Smart Card Reader Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59505 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Speech Recognition Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59508 | No | No | – | – | Important | 7.0 | 6.1 |
| Windows Speech Recognition Information Disclosure Vulnerability | |||||||
| CVE-2025-59509 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Speech Runtime Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59507 | No | No | – | – | Important | 7.0 | 6.1 |
| Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | |||||||
| CVE-2025-62220 | No | No | – | – | Important | 8.8 | 7.7 |
| Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-60720 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows WLAN Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-59511 | No | No | – | – | Important | 7.8 | 6.8 |
| can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled | |||||||
| CVE-2025-40107 | No | No | – | – | Moderate | 5.5 | 5.5 |
| container escape due to /dev/console mount and related races | |||||||
| CVE-2025-52565 | No | No | – | – | Important | ||
| containerd CRI server: Host memory exhaustion through Attach goroutine leak | |||||||
| CVE-2025-64329 | No | No | – | – | Moderate | ||
| containerd affected by a local privilege escalation via wide permissions on CRI directory | |||||||
| CVE-2024-25621 | No | No | – | – | Important | 7.3 | 7.3 |
| crypto: rng – Ensure set_ent is always present | |||||||
| CVE-2025-40109 | No | No | – | – | Moderate | 4.2 | 4.2 |
| missing SFTP host verification with wolfSSH | |||||||
| CVE-2025-10966 | No | No | – | – | Moderate | 6.8 | 6.8 |
| mruby array.c ary_fill_exec out-of-bounds write | |||||||
| CVE-2025-12875 | No | No | – | – | Moderate | 5.3 | 4.8 |
| runc container escape via “masked path” abuse due to mount race conditions | |||||||
| CVE-2025-31133 | No | No | – | – | Important | ||
| runc: LSM labels can be bypassed with malicious config using dummy procfs files | |||||||
| CVE-2025-52881 | No | No | – | – | Important | ||
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
