CVE-2025-60716 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Published November 15, 2025
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Microsoft Security Response Center Blog Alerts
CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
Published November 15, 2025
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability
Published November 15, 2025
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability
Published November 15, 2025
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59505 Windows Smart Card Reader Elevation of Privilege Vulnerability
Published November 15, 2025
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
CVE-2025-62452 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published November 15, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability
Published November 15, 2025
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability
Published November 15, 2025
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59506 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Published November 15, 2025
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to elevate privileges locally.
Chromium: CVE-2025-13042 Inappropriate implementation in V8
Published November 15, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
