Msrc Windows 11 Version 25H2 vulnerabilities
254 known vulnerabilities affecting msrc/windows_11_version_25h2.
Total CVEs: 254
CISA KEV: 11 (actively exploited)
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 186, MEDIUM 63, LOW 2
Vulnerabilities
Page 13 of 13
CVE-2025-59190 | MEDIUM | CVSS 5.5 | 2025-10-14
CVE-2025-59190 [MEDIUM] CWE-20 Windows Search Service Denial of Service Vulnerability
Description: Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to access a malicious folder or directory. Users should never open anything that they d
msrc

CVE-2025-59203 | MEDIUM | CVSS 5.5 | 2025-10-14
CVE-2025-59203 [MEDIUM] CWE-532 Windows State Repository API Server File Information Disclosure Vulnerability
Description: Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploi

CVE-2025-55695 | MEDIUM | CVSS 5.5 | 2025-10-14
CVE-2025-55695 [MEDIUM] CWE-125 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Description: Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
Windows WLAN Auto

CVE-2025-55332 | MEDIUM | CVSS 6.1 | 2025-10-14
CVE-2025-55332 [MEDIUM] CWE-841 Windows BitLocker Security Feature Bypass Vulnerability
Description: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system st

CVE-2025-59214 | MEDIUM | CVSS 6.5 | 2025-10-14
CVE-2025-59214 [MEDIUM] CWE-200 Microsoft Windows File Explorer Spoofing Vulnerability
Description: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user would need to be tricked into opening a folder that contains a speci

CVE-2025-59209 | MEDIUM | CVSS 5.5 | 2025-10-14
CVE-2025-59209 [MEDIUM] CWE-200 Windows Push Notification Information Disclosure Vulnerability
Description: Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerab

CVE-2025-59211 | MEDIUM | CVSS 5.5 | 2025-10-14
CVE-2025-59211 [MEDIUM] CWE-200 Windows Push Notification Information Disclosure Vulnerability
Description: Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read portions of heap m

CVE-2025-58717 | MEDIUM | CVSS 6.5 | 2025-10-14
CVE-2025-58717 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could po

CVE-2025-55333 | MEDIUM | CVSS 6.1 | 2025-10-14
CVE-2025-55333 [MEDIUM] CWE-1023 Windows BitLocker Security Feature Bypass Vulnerability
Description: Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system st

CVE-2025-59198 | MEDIUM | CVSS 5.0 | 2025-10-14
CVE-2025-59198 [MEDIUM] CWE-20 Windows Search Service Denial of Service Vulnerability
Description: Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
The vulnerability can be exploited by a regular user without admin righ

CVE-2025-59197 | MEDIUM | CVSS 5.5 | 2025-10-14
CVE-2025-59197 [MEDIUM] CWE-532 Windows ETL Channel Information Disclosure Vulnerability
Description: Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address

CVE-2025-59294 | LOW | CVSS 2.1 | 2025-10-14
CVE-2025-59294 [LOW] CWE-200 Windows Taskbar Live Preview Information Disclosure Vulnerability
Description: Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited thi

CVE-2025-6965 | CRITICAL | CVSS 9.8 | PoC | 2025-07-08
CVE-2025-6965 [HIGH] CWE-197 Integer Truncation on SQLite
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transp

CVE-2020-35538 | MEDIUM | CVSS 5.5 | 2022-08-09
CVE-2020-35538 [MEDIUM] CWE-476 A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is th