You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 53717
About this tag
CVE-2025-53717 is a high-impact elevation-of-privilege vulnerability in Windows Virtualization-Based Security (VBS) Enclave, disclosed by Microsoft on October 14, 2025. The flaw, rated CVSS 7.0, stems from reliance on untrusted inputs in a security decision, allowing an attacker with limited local access to gain higher privileges and access secrets normally protected inside VBS. Microsoft has released security updates to address this issue. Discussions on WindowsForum.com cover the technical details, impact, and patching guidance for this vulnerability, along with related CVEs affecting Linux kernel components and Microsoft Office applications.
Libsodium's ed25519 point-validation routine contains a subtle but important bug that can let malformed points slip past validation in niche workflows, a flaw tracked as CVE-2025-69277 and fixed in the commit ad3004e. Background
Libsodium has long been the portable, easy-to-use cryptography...
A recently disclosed Linux kernel vulnerability in the Btrfs filesystem — tracked as CVE-2023-53247 — can trigger a kernel oops or panic by misordering page state operations in the buffered write path, allowing an attacker with local access to cause a sustained denial-of-service on impacted...
A narrowly targeted but important Linux kernel fix addressing CVE-2023-53218 changes how the rxrpc subsystem handles a queued call so a waiting process can be aborted instead of leaving subsequent calls blocked with EBUSY — a behavior that could cause sustained denial-of-service for local users...
Microsoft has published an advisory for CVE-2025-59238, a use‑after‑free vulnerability in Microsoft PowerPoint that can allow an attacker to execute arbitrary code on a local system when a user opens a crafted presentation. Microsoft’s advisory and multiple third‑party trackers place the CVSS...
Microsoft has published an advisory for CVE-2025-53717, a high‑impact elevation‑of‑privilege vulnerability in Windows Virtualization‑Based Security (VBS) Enclave that Microsoft characterizes as “reliance on untrusted inputs in a security decision.” The vendor‑published metrics list a CVSS v3.1...
Microsoft today disclosed CVE-2025-59236, a high-severity Microsoft Excel vulnerability that vendors and investigators classify as a use‑after‑free memory corruption capable of allowing remote delivery and local code execution when a specially crafted workbook is processed, and Microsoft has...