July 23, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple D-Link Products Vulnerabilities
July 16, 2025
Multiple WordPress Plugins Vulnerabilities
July 16, 2025
Multiple D-Link Products Vulnerabilities
July 16, 2025
Multiple WordPress Plugins Vulnerabilities
July 16, 2025
Severity
Medium
Analysis Summary
CVE-2025-47988 CVSS:7.5
Microsoft Azure Monitor could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of generation of code ('code injection') in Agent.
CVE-2025-21195 CVSS:6
Microsoft Azure Service Fabric could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper link resolution before file access ('link following') in Service Fabric Runtime.
CVE-2025-48001 CVSS:6.8
Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by time-of-check time-of-use (toctou) race condition in BitLocker.
CVE-2025-48003 CVSS:6.8
Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by protection mechanism failure in BitLocker.
CVE-2025-48800 CVSS:6.8
Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by protection mechanism failure in BitLocker.
CVE-2025-48804 CVSS:6.8
Microsoft Windows could allow a physical attacker to bypass a security feature, caused by acceptance of extraneous untrusted data with trusted data in the BitLocker component.
CVE-2025-48818 CVSS:6.8
Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by time-of-check time-of-use (toctou) race condition in BitLocker.
Impact
- Privilege Escalation
- Security Bypass
- Code Execution
Indicators of Compromise
CVE
CVE-2025-47988
CVE-2025-21195
CVE-2025-48001
CVE-2025-48003
CVE-2025-48800
CVE-2025-48804
CVE-2025-48818
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2022
- Microsoft Azure Service Fabric
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Azure Monitor Agent
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for 32-bit Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for 32-bit Systems
- Microsoft Windows Server 2022 23H2 Edition (Server Core installation)
Remediation
Refer to Microsoft Website for patch, upgrade, or suggested workaround information.