Severity
High
Analysis Summary
- CVE-2025-48004 (CVSS 7.4): Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-59189 (CVSS 7.4): Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-59497 (CVSS 7.0): Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
- CVE-2025-58722 (CVSS 7.8): Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
- CVE-2025-59254 (CVSS 7.8): Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
- CVE-2025-53782 (CVSS 8.4): Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-59249 (CVSS 8.8): Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-59248 (CVSS 7.5): Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-59195 (CVSS 7.0): Concurrent execution using shared resource with improper synchronization (race condition) in Microsoft Graphics Component allows an authorized attacker to deny service locally.
- CVE-2025-59229 (CVSS 5.5): Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.
- CVE-2025-59226 (CVSS 7.8): Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- CVE-2025-59238 (CVSS 7.8): Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-48004
- CVE-2025-59189
- CVE-2025-59497
- CVE-2025-58722
- CVE-2025-59254
- CVE-2025-53782
- CVE-2025-59249
- CVE-2025-59248
- CVE-2025-59195
- CVE-2025-59229
- CVE-2025-59226
- CVE-2025-59238
Affected Vendors
- Microsoft
Affected Products
- Microsoft Defender for Endpoint for Linux
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Office LTSC 2024 for 64-bit editions
- Microsoft Office LTSC 2024 for 32-bit editions
- Microsoft Exchange Server Subscription Edition RTM
- Microsoft Exchange Server 2019 Cumulative Update 15
- Microsoft Windows Server 2022 - 23H2 Edition (Server Core installation)
- Microsoft Windows 11 Version 25H2 for ARM64-based Systems
- Microsoft Windows 11 Version 25H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for the available patches for each CVE listed above.