CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-30391 Microsoft Dynamics Information Disclosure Vulnerability
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
Chromium: CVE-2025-3619 Heap buffer overflow in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-3620 Use after free in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
CVE-2025-29817 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
To comprehensively address CVE-2024-21302, Microsoft has released April 2025 security updates for all supported editions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
CVE-2025-27729 Windows Shell Remote Code Execution Vulnerability
Use after free in Windows Shell allows an unauthorized attacker to execute code locally.
CVE-2025-26679 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
CVE-2025-26640 Windows Digital Media Elevation of Privilege Vulnerability
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
