Severity
High
Analysis Summary
CVE-2025-62569 CVSS:7
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-64666 CVSS:7.5
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-64667 CVSS:5.3
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62455 CVSS:7.8
Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2025-64672 CVSS:8.8
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2025-62458 CVSS:7.8
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Impact
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-62569
CVE-2025-64666
CVE-2025-64667
CVE-2025-62455
CVE-2025-64672
CVE-2025-62458
Affected Vendors
- Microsoft
Affected Products
- Microsoft SharePoint Server Subscription Edition
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Exchange Server Subscription Edition RTM
- Microsoft Exchange Server 2019 Cumulative Update 15
- Microsoft Windows Server 2022 - 23H2 Edition (Server Core installation)
- Microsoft Windows 11 Version 25H2 for ARM64-based Systems
- Microsoft Windows 11 Version 25H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.