Analysis Summary

CVE-2025-24053 CVSS:7.2

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVE-2025-24076 CVSS:7.3

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24072 CVSS:7.8

Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.

CVE-2025-24998 CVSS:7.3

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-26630 CVSS:7.8

Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

CVE-2025-25003 CVSS:7.3

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-24989 CVSS:8.2

Microsoft Power Pages could allow a remote attacker to gain elevated privileges on the system, caused by improper access control.

CVE-2025-21355 CVSS:8.6

Microsoft Bing could allow a remote attacker to execute arbitrary code on the system, caused by improper authentication validation.

Impact

• Privilege Escalation
• Code Execution

Indicators of Compromise

CVE

• CVE-2025-24053

• CVE-2025-24076

• CVE-2025-24072

• CVE-2025-24998

• CVE-2025-26630

• CVE-2025-25003

• CVE-2025-24989

• CVE-2025-21355

Affected Vendors

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-24053

CVE-2025-24076

CVE-2025-24072

CVE-2025-24998

CVE-2025-26630

CVE-2025-25003

CVE-2025-24989

CVE-2025-21355