

Severity
High
Analysis Summary
CVE-2025-59228 CVSS:8.8
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59237 CVSS:8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59221 CVSS:7
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59222 CVSS:7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59185 CVSS:6.5
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59244 CVSS:6.5
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-25004 CVSS:7.3
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-58718 CVSS:8.8
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-58737 CVSS:7
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
CVE-2025-59502 CVSS:7.5
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
CVE-2025-55240 CVSS:7.3
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-59228
CVE-2025-59237
CVE-2025-59221
CVE-2025-59222
CVE-2025-59185
CVE-2025-59244
CVE-2025-25004
CVE-2025-58718
CVE-2025-58737
CVE-2025-59502
CVE-2025-55240
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Office LTSC for Mac 2021
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Visual Studio 2022 version 17.10
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for 32-bit Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Office LTSC 2024 for 64-bit editions
- Microsoft Office LTSC 2024 for 32-bit editions
- Microsoft Visual Studio 2022 version 17.12
- Microsoft Office LTSC for Mac 2024
- Microsoft Word 2016 (64-bit edition)
- Microsoft Word 2016 (32-bit edition)
- Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
- Microsoft Windows App Client for Windows Desktop
- Microsoft Visual Studio 2022 version 17.14
- Microsoft Windows Server 2022 - 23H2 Edition (Server Core installation)
- Microsoft Windows 11 Version 25H2 for ARM64-based Systems
- Microsoft Windows 11 Version 25H2 for x64-based Systems
- Microsoft PowerShell 7.5
- Microsoft PowerShell 7.4
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.








