Request a Demo
Rewterz
Multiple D-Link Products Vulnerabilities
July 16, 2025
Rewterz
Multiple WordPress Plugins Vulnerabilities
July 16, 2025

Multiple Microsoft Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-47988 CVSS:7.5

Microsoft Azure Monitor could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of generation of code ('code injection') in Agent.

CVE-2025-21195 CVSS:6

Microsoft Azure Service Fabric could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper link resolution before file access ('link following') in Service Fabric Runtime.

CVE-2025-48001 CVSS:6.8

Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by time-of-check time-of-use (toctou) race condition in BitLocker.

CVE-2025-48003 CVSS:6.8

Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by protection mechanism failure in BitLocker.

CVE-2025-48800 CVSS:6.8

Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by protection mechanism failure in BitLocker.

CVE-2025-48804 CVSS:6.8

Microsoft Windows could allow a physical attacker to bypass a security feature, caused by acceptance of extraneous untrusted data with trusted data in the BitLocker component.

CVE-2025-48818 CVSS:6.8

Microsoft Windows could allow a physical attacker to bypass security restrictions, caused by time-of-check time-of-use (toctou) race condition in BitLocker.

Impact

  • Privilege Escalation
  • Security Bypass
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-47988

  • CVE-2025-21195

  • CVE-2025-48001

  • CVE-2025-48003

  • CVE-2025-48800

  • CVE-2025-48804

  • CVE-2025-48818

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 Version 1809 for 32-bit Systems
  • Microsoft Windows 10 Version 1809 for x64-based Systems
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2022
  • Microsoft Azure Service Fabric
  • Microsoft Windows Server 2019 (Server Core installation)
  • Microsoft Windows Server 2012 (Server Core installation)
  • Microsoft Windows Server 2012 R2 (Server Core installation)
  • Microsoft Windows Server 2016 (Server Core installation)
  • Microsoft Azure Monitor Agent
  • Microsoft Windows Server 2025
  • Microsoft Windows 11 Version 24H2 for x64-based Systems
  • Microsoft Windows 11 Version 24H2 for ARM64-based Systems
  • Microsoft Windows 11 Version 23H2 for x64-based Systems
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems
  • Microsoft Windows Server 2025 (Server Core installation)
  • Microsoft Windows 10 Version 22H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for x64-based Systems
  • Microsoft Windows 10 Version 22H2 for 32-bit Systems
  • Microsoft Windows 10 Version 22H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems
  • Microsoft Windows Server 2022 23H2 Edition (Server Core installation)

Remediation

Refer to Microsoft Website for patch, upgrade, or suggested workaround information.

CVE-2025-47988

CVE-2025-21195

CVE-2025-48001

CVE-2025-48003

CVE-2025-48800

CVE-2025-48804

CVE-2025-48818