
Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-59228 CVSS:8.8

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-59237 CVSS:8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-59221 CVSS:7

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-59222 CVSS:7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-59185 CVSS:6.5

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59244 CVSS:6.5

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-25004 CVSS:7.3

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2025-58718 CVSS:8.8

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-58737 CVSS:7

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.

CVE-2025-59502 CVSS:7.5

Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.

CVE-2025-55240 CVSS:7.3

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Impact

  • Denial of Service
  • Gain Access
  • Code Execution
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-59228
  • CVE-2025-59237
  • CVE-2025-59221
  • CVE-2025-59222
  • CVE-2025-59185
  • CVE-2025-59244
  • CVE-2025-25004
  • CVE-2025-58718
  • CVE-2025-58737
  • CVE-2025-59502
  • CVE-2025-55240

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 Version 1809 for 32-bit Systems
  • Microsoft Windows 10 Version 1809 for x64-based Systems
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Office LTSC for Mac 2021
  • Microsoft Windows Server 2019 (Server Core installation)
  • Microsoft Windows Server 2022 (Server Core installation)
  • Microsoft Windows Server 2012 R2 (Server Core installation)
  • Microsoft Windows Server 2016 (Server Core installation)
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Visual Studio 2022 version 17.10
  • Microsoft Windows Server 2025
  • Microsoft Windows 11 Version 24H2 for x64-based Systems
  • Microsoft Windows 11 Version 24H2 for ARM64-based Systems
  • Microsoft Windows 11 Version 23H2 for x64-based Systems
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems
  • Microsoft Windows Server 2025 (Server Core installation)
  • Microsoft Windows 10 Version 22H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for x64-based Systems
  • Microsoft Windows 10 Version 22H2 for 32-bit Systems
  • Microsoft Windows 10 Version 22H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for ARM64-based Systems
  • Microsoft Office LTSC 2024 for 64-bit editions
  • Microsoft Office LTSC 2024 for 32-bit editions
  • Microsoft Visual Studio 2022 version 17.12
  • Microsoft Office LTSC for Mac 2024
  • Microsoft Word 2016 (64-bit edition)
  • Microsoft Word 2016 (32-bit edition)
  • Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
  • Microsoft Windows App Client for Windows Desktop
  • Microsoft Visual Studio 2022 version 17.14
  • Microsoft Windows Server 2022 - 23H2 Edition (Server Core installation)
  • Microsoft Windows 11 Version 25H2 for ARM64-based Systems
  • Microsoft Windows 11 Version 25H2 for x64-based Systems
  • Microsoft PowerShell 7.5
  • Microsoft PowerShell 7.4

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

  • CVE-2025-59228
  • CVE-2025-59237
  • CVE-2025-59221
  • CVE-2025-59222
  • CVE-2025-59185
  • CVE-2025-59244
  • CVE-2025-25004
  • CVE-2025-58718
  • CVE-2025-58737
  • CVE-2025-59502
  • CVE-2025-55240