cve 2025 60724

Microsoft has confirmed an information‑disclosure vulnerability affecting .NET, .NET Framework and Visual Studio — tracked as CVE‑2025‑55248 — and published cumulative security updates on October 14, 2025 to address it; public vulnerability trackers rate the flaw as medium (CVSS 3.1 = 4.8) and...

Microsoft’s advisory that assigns CVE‑2025‑59294 to a Windows Taskbar Live Preview information‑disclosure issue is a reminder that even seemingly cosmetic UI features can leak sensitive data when combined with physical access or weak endpoint physical security. Background / Overview The...

Microsoft’s security advisory lists CVE‑2025‑59186 as a Windows Kernel — Memory Information Disclosure issue that can permit a local, authorized actor to read sensitive kernel memory; Microsoft’s guidance is clear: apply the vendor-supplied update mapped in the Security Update Guide to fully...

Microsoft has assigned CVE‑2025‑59257 to a denial‑of‑service vulnerability in the Windows Local Session Manager (LSM) that, according to vendor metadata, allows an authorized attacker to crash or otherwise deny session services over a network; the issue is described as “improper validation of...

Microsoft has assigned CVE-2025-55677 to a newly disclosed elevation-of-privilege vulnerability in the Windows Device Association Broker Service: the vendor describes the root cause as an untrusted pointer dereference that lets an authorized local user escalate privileges, and Microsoft has...

A newly cataloged vulnerability, CVE-2025-59290, affects the Windows Bluetooth Service and is described by vendors and trackers as a use‑after‑free (UAF) memory‑corruption flaw that allows an authorized local attacker to elevate privileges on an affected host. A patch was published on October...

Microsoft’s advisory for CVE-2025-59243 names a memory-safety defect in Microsoft Excel that can lead to code execution when a specially crafted spreadsheet is opened, and organizations should treat the entry as a high-priority Office remediation event while applying layered mitigations and...

Microsoft has recorded CVE-2025-59185 as an external control of file name or path vulnerability in Windows Core Shell that Microsoft classifies as a spoofing issue and that security trackers map into the broader family of NTLM hash‑disclosure and spoofing problems that have been actively...

Microsoft’s October security roll-up includes a cluster of Inbox COM object fixes that together close a set of local code-execution and memory-corruption bugs; one of the more consequential entries is CVE-2025-59282, an IIS-related Inbox COM Objects (Global Memory) vulnerability that Microsoft...

Microsoft’s SharePoint on‑premises ecosystem is at the center of a high‑urgency security crisis: a cluster of remote code execution (RCE) and authentication‑bypass issues — widely tracked under CVE identifiers such as CVE‑2025‑49704, CVE‑2025‑49706 and the emergent “ToolShell” chain...

Microsoft has published an advisory for CVE-2025-55247, a .NET elevation-of-privilege vulnerability rooted in improper link resolution before file access (commonly called “link following”), which can allow an authorized local user to escalate privileges on affected systems; industry trackers...

Microsoft’s Security Update Guide lists CVE-2025-59204 as an information‑disclosure issue tied to the Windows Management Service, a privileged management‑plane component, and the advisory (as published in Microsoft’s interactive MSRC update guide) frames the vulnerability as presenting an...

Microsoft’s Security Update Guide lists CVE-2025-59286 as a “Copilot — Spoofing” entry, but a comprehensive public record and corroborating technical details for that exact identifier are not readily available in third‑party indexes at this time — treat the advisory as vendor‑asserted while you...