CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-30391 Microsoft Dynamics Information Disclosure Vulnerability
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
Chromium: CVE-2025-3619 Heap buffer overflow in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-3620 Use after free in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
To comprehensively address CVE-2024-21302, Microsoft has released April 2025 security updates for all supported editions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2025-29817 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2025-29808 Windows Cryptographic Services Information Disclosure Vulnerability
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-27728 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2025-27467 Windows Digital Media Elevation of Privilege Vulnerability
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-26641 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.