CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability
Corrected Article links in the Security Updates table. This is an informational change only.
CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
The following updates have been made to CVE-2025-59489: 1) In the Security Updates table, added Microsoft Mesh and Microsoft Mesh for Meta Quest as they affected by this vulnerability. 2) Further, to comprehensively address this vulnerability, Microsoft has released the 5.2514 build for these applications. Microsoft recommends that customers install the updates to be fully […]
Chromium: CVE-2025-11219 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11216 Inappropriate implementation in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11215 Off by one error in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability
Information published.
CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Information published.
CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability
Improper neutralization of input during web page generation (‘cross-site scripting’) in Azure Monitor allows an authorized attacker to perform spoofing over a network.
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](http://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before […]
