June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Gafgyt aka Bashlite Malware – Active IOCs
April 17, 2025
ICS: Multiple Hitachi Vantara Pentaho Vulnerabilities
April 17, 2025
Gafgyt aka Bashlite Malware – Active IOCs
April 17, 2025
ICS: Multiple Hitachi Vantara Pentaho Vulnerabilities
April 17, 2025
Severity
High
Analysis Summary
CVE-2025-27470 CVSS:7.5
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26688 CVSS:7.8
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVE-2025-26686 CVSS:7.5
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2025-26687 CVSS:7.5
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-26680 CVSS:7.5
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26681 CVSS:6.7
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-26668 CVSS:7.5
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-26667 CVSS:6.5
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26669 CVSS:8.6
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26666 CVSS:7.8
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
CVE-2025-26665 CVSS:7
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
CVE-2025-26664 CVSS:6.5
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-26663 CVSS:8.1
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
CVE-2025-29796 CVSS:4.7
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-29815 CVSS:7.6
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
CVE-2025-25001 CVSS:4.3
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-25000 CVSS:8.8
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2025-21384 CVSS:8.3
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2025-29795 CVSS:7.8
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Buffer Overflow
- Privilege Escalation
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-27470
- CVE-2025-26688
- CVE-2025-26686
- CVE-2025-26687
- CVE-2025-26680
- CVE-2025-26681
- CVE-2025-26668
- CVE-2025-26667
- CVE-2025-26669
- CVE-2025-26666
- CVE-2025-26665
- CVE-2025-26664
- CVE-2025-26663
- CVE-2025-29796
- CVE-2025-29815
- CVE-2025-25001
- CVE-2025-25000
- CVE-2025-21384
- CVE-2025-29795
Affected Vendors
- Microsoft
Affected Products
- Microsoft Azure Health Bot
- Microsoft Windows 10 Version 1809 - 10.0.17763.0
- Microsoft Windows Server 2019 - 10.0.17763.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.17763.0
- Microsoft Windows Server 2022 - 10.0.20348.0
- Microsoft Windows 11 version 22H2 - 10.0.22621.0
- Microsoft Windows 10 Version 22H2 - 10.0.19045.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
- Microsoft Windows 11 version 22H3 - 10.0.22631.0
- Microsoft Windows Server 2012 (Server Core installation) - 6.2.9200.0
- Microsoft Windows Server 2012 R2 - 6.3.9600.0
- Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
- Microsoft Windows 11 Version 23H2 - 10.0.22631.0
- Microsoft Windows Server 2012 - 6.2.9200.0
- Microsoft Windows 11 Version 24H2 - 10.0.26100.0
- Microsoft Windows Server 2016 - 10.0.14393.0
- Microsoft Windows Server 2016 (Server Core installation) - 10.0.14393.0
- Microsoft Windows 10 Version 21H2 - 10.0.19043.0
- Microsoft Windows Server 2025 - 10.0.26100.0
- Microsoft Windows 10 Version 1607 - 10.0.14393.0
- Microsoft Edge Update Setup - 1.0.0.0
- Microsoft Edge for iOS - 1.0.0.0
- Microsoft Windows 10 Version 1507
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
