Microsoft Security Response Center Blog Alerts

CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability

Published December 19, 2025

Improper control of generation of code (‘code injection’) in Azure Container Apps allows an unauthorized attacker to execute code over a network.

CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability

Published December 19, 2025

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability

Published December 19, 2025

Information published.

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

Published December 19, 2025

Improper neutralization of input during web page generation (‘cross-site scripting’) in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability

Published December 19, 2025

Improper neutralization of input during web page generation (‘cross-site scripting’) in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Published December 19, 2025

Information published.

Chromium: CVE-2025-14765 Out of bounds read and write in V8

Published December 19, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.