| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Storage Elevation of Privilege Vulnerability |
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. |
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
