Microsoft Security Response Center Blog Alerts

CVE-2025-2925 HDF5 H5MM.c H5MM_realloc double free

Published December 20, 2025

Information published.

CVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow

Published December 20, 2025

Information published.

CVE-2025-2153 HDF5 h5 File H5SM.c H5SM_delete heap-based overflow

Published December 20, 2025

Information published.

CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability

Published December 19, 2025

Improper neutralization of input during web page generation (‘cross-site scripting’) in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Published December 19, 2025

Information published.

CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability

Published December 19, 2025

Improper control of generation of code (‘code injection’) in Azure Container Apps allows an unauthorized attacker to execute code over a network.

CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability

Published December 19, 2025

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability

Published December 19, 2025

Information published.

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

Published December 19, 2025

Improper neutralization of input during web page generation (‘cross-site scripting’) in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-38131 coresight: prevent deactivate active config while enabling the config

Published December 19, 2025

Information published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

AbuseIPDB Contributor Badge

© 2026, Network Services Group |  216.73.216.97
Contributor,  Detroit Internet Exchange