Microsoft Security Response Center Blog Alerts

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

Information published.

Information published.

Improper neutralization of input during web page generation (‘cross-site scripting’) in Azure Monitor allows an authorized attacker to perform spoofing over a network.

Corrected Article links in the Security Updates table. This is an informational change only.

The following updates have been made to CVE-2025-59489: 1) In the Security Updates table, added Microsoft Mesh and Microsoft Mesh for Meta Quest as they affected by this vulnerability. 2) Further, to comprehensively address this vulnerability, Microsoft has released the 5.2514 build for these applications. Microsoft recommends that customers install the updates to be fully […]

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](http://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before […]

Added acknowledgements. This is an informational change only.