CVE-2025-33053 Internet Shortcut Files Remote Code Execution Vulnerability
Corrected the CVE description and title. This is an informational change only.
CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability
Added an acknowledgement. This is an informational change only.
Chromium: CVE-2025-5958 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-5959 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-47162 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-33053 Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
CVE-2025-33066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-32715 Remote Desktop Protocol Client Information Disclosure Vulnerability
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
CVE-2025-47957 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.