CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability
Published December 19, 2025
Improper control of generation of code (‘code injection’) in Azure Container Apps allows an unauthorized attacker to execute code over a network.
Microsoft Security Response Center Blog Alerts
CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability
Published December 19, 2025
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability
Published December 19, 2025
Information published.
CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability
Published December 19, 2025
Improper neutralization of input during web page generation (‘cross-site scripting’) in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability
Published December 19, 2025
Improper neutralization of input during web page generation (‘cross-site scripting’) in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published December 19, 2025
Information published.
CVE-2025-38074 vhost-scsi: protect vq->log_used with vq->mutex
Published December 19, 2025
Information published.
CVE-2025-38071 x86/mm: Check return value from memblock_phys_alloc_range()
Published December 19, 2025
Information published.
CVE-2025-38067 rseq: Fix segfault on registration when rseq_cs is non-zero
Published December 19, 2025
Information published.
CVE-2025-38063 dm: fix unconditional IO throttle caused by REQ_PREFLUSH
Published December 19, 2025
Information published.
