FRRouting has been flagged for a serious Denial-of-Service hole: a NULL pointer dereference in OSPF packet handling (CVE-2025-61107) that can crash the ospfd daemon when a crafted LSA Update containing an opaque LSA is processed, and the problem was patched upstream via a targeted set of checks...
CISA’s addition of a Fortinet authentication‑bypass bug to the Known Exploited Vulnerabilities (KEV) Catalog spotlights a high‑risk class of flaws: improper verification of cryptographic signatures in SAML responses. The vulnerability, tracked as CVE‑2025‑59718, affects multiple Fortinet...
This advisory explains CVE-2025-6075 (quadratic complexity in os.path.expandvars), what Microsoft’s MSRC statement means when it calls out Azure Linux, and practical steps for defenders to verify and remediate exposure across Microsoft products and services.
Executive summary — short answer...
Microsoft’s advisory tracker lists CVE-2025-62207 as an Elevation of Privilege vulnerability affecting Azure Monitor components, but public technical details are currently limited and the vendor entry does not disclose an exploit proof‑of‑concept; defenders should treat this as an urgent signal...
Microsoft’s November patch cycle exposed a widespread and urgent remote‑code execution risk in the Microsoft Graphics Component (GDI+) that national incident response teams have flagged as high severity — a heap‑based buffer overflow (tracked as CVE‑2025‑60724) that can be triggered by specially...
Microsoft’s November security cycle delivered a high‑urgency wake‑up call: a heap‑based buffer overflow in the Microsoft Graphics Component (GDI+), tracked as CVE‑2025‑60724, can lead to remote code execution across a wide range of Windows and Microsoft Office platforms — and national incident...
The Indian national CERT’s “HIGH” severity advisory tied to CVE‑2025‑60724 is more than a regional warning — it points to a critical heap‑based buffer‑overflow in the Microsoft Graphics Component (GDI+) that Microsoft has already fixed, and which affects a wide range of Windows, Office and...
Microsoft’s November Patch Tuesday landed a high‑urgency security wake‑up call: a critical heap‑based buffer overflow in the Microsoft Graphics Component (GDI+) — tracked as CVE‑2025‑60724 — plus multiple browser and Office fixes that together widen the attack surface for both consumer PCs and...
Microsoft has shipped the November 2025 security rollup and an urgent out‑of‑band (OOB) patch that fixes a bug which prevented some Windows 10 PCs from enrolling in the consumer Extended Security Updates (ESU) program — a release that also closes an actively exploited Windows kernel zero‑day and...
Microsoft has published an advisory for CVE-2025-59505: a local Elevation of Privilege (EoP) in the Windows Smart Card subsystem that Microsoft classifies as a double‑free (CWE‑415) memory‑corruption bug; community trackers assign a CVSS v3.1 base score of 7.8 (High) and report vendor-supplied...
Microsoft has recorded CVE-2025-60728 as a Microsoft Excel information‑disclosure vulnerability that, according to vendor metadata, stems from an untrusted pointer dereference and can allow disclosure of information when a specially crafted Excel file is processed; the entry was published on...
Microsoft has published an advisory for CVE‑2025‑60721, a high‑severity elevation‑of‑privilege flaw that targets the new Windows Administrator Protection elevation flow and can let a local, authenticated attacker obtain administrative‑equivalent privileges by abusing a privilege context...
Microsoft has published a security update addressing CVE-2025-60723, a race-condition vulnerability in the DirectX Graphics Kernel that can be manipulated by an authenticated, low‑privilege attacker to trigger a denial‑of‑service (DoS) on affected Windows hosts; Microsoft’s fix was released as...
Microsoft has published a security update addressing CVE-2025-60715 — a heap‑based buffer‑overflow in the Windows Routing and Remote Access Service (RRAS) that can lead to remote code execution on RRAS‑enabled hosts, and administrators should treat any internet‑facing or otherwise reachable RRAS...
Microsoft’s public advisories list CVE-2025-60713 as a genuine, high‑priority vulnerability in the Windows Routing and Remote Access Service (RRAS) that can allow a local, low‑privileged user to elevate to higher privileges through an untrusted pointer dereference in RRAS — administrators must...
Microsoft has assigned CVE-2025-62219 to a newly disclosed local elevation‑of‑privilege defect in the Windows Wireless Provisioning System — a double‑free memory corruption that, if successfully exploited by a low‑privileged local actor, can permit privilege escalation to higher system...
Microsoft has assigned CVE‑2025‑60722 to an elevation of privilege vulnerability affecting OneDrive for Android; the vendor entry in Microsoft’s Security Update Guide confirms the record while public technical details remain sparse, leaving security teams to treat the issue as a priority for...
Microsoft has published an advisory for CVE‑2025‑60710, an elevation‑of‑privilege vulnerability in the Host Process for Windows Tasks (commonly exposed as taskhostw / taskhostex), and security teams must treat this as a high‑priority local escalation risk until their estates are confirmed...
Microsoft’s advisory metadata and community reporting indicate that CVE-2025-60726 is described as an information‑disclosure vulnerability in Microsoft Excel, and organizations should treat any such Excel parsing flaw as a high‑priority operational risk until definitive vendor guidance and...
Microsoft has confirmed a denial‑of‑service flaw in the Storvsp.sys storage Virtualization Service Provider (VSP) driver — tracked as CVE‑2025‑60708 — that allows a locally authorized attacker to trigger a kernel‑mode crash by exploiting an untrusted pointer dereference in the driver, and...