CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability
Published November 9, 2025
Azure Entra ID Elevation of Privilege Vulnerability
Microsoft Security Response Center Blog Alerts
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Published November 9, 2025
Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](http://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before […]
CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published November 9, 2025
Added acknowledgements. This is an informational change only.
Chromium: CVE-2025-11211 Out of bounds read in WebCodecs
Published November 9, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
Chromium: CVE-2025-11460 Use after free in Storage
Published November 9, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
Chromium: CVE-2025-11458 Heap buffer overflow in Sync
Published November 9, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
CVE-2025-59286 Copilot Spoofing Vulnerability
Published November 9, 2025
Information published.
CVE-2025-59272 Copilot Spoofing Vulnerability
Published November 9, 2025
Information published.
Chromium: CVE-2025-12433 Inappropriate implementation in V8
Published November 9, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
Chromium: CVE-2025-12432 Race in V8
Published November 9, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
