CVE-2025-53772 CVSS:8.8

Microsoft Web Deploy could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data.

CVE-2025-53729 CVSS:7.8

Microsoft Azure File Sync could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control.

CVE-2025-53793 CVSS:7.5

Microsoft Azure Stack Hub could allow a local attacker to obtain sensitive information, caused by improper authentication that allows the exposure of private personal information to an unauthorized actor.

CVE-2025-53140 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free error in the Kernel Transaction Manager component.

CVE-2025-53149 CVSS:7.8

Microsoft Windows is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Kernel Streaming WOW Thunk Service Driver component. A local authenticated attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2025-50154 CVSS:7.5

Microsoft Windows could allow a remote attacker to conduct spoofing attacks, caused by exposure of sensitive information to an unauthorized actor in the File Explorer.

CVE-2025-25005 CVSS:6.5

Microsoft Exchange Server could allow a remote attacker to obtain sensitive information, caused by an improper input validation error.

CVE-2025-53779 CVSS:7.2

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a relative path traversal in the Kerberos component.