Microsoft Security Response Center Blog Alerts

CVE-2025-30390 Azure ML Compute Elevation of Privilege Vulnerability

Posted on Wednesday April 30, 2025

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

 

CVE-2025-33074 Azure Functions Remote Code Execution Vulnerability

Posted on Wednesday April 30, 2025

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.

 

CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability

Posted on Wednesday April 30, 2025

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

 

CVE-2025-30391 Microsoft Dynamics Information Disclosure Vulnerability

Posted on Wednesday April 30, 2025

Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.

 

Chromium: CVE-2025-3619 Heap buffer overflow in Codecs

Posted on Thursday April 17, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

 

Chromium: CVE-2025-3620 Use after free in USB

Posted on Thursday April 17, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

 

Page:   1...252627282930313233...172

Celebrating 35+ Years

Off-Site Cloud Backups

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016