CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability
Published December 19, 2025
Improper control of generation of code (‘code injection’) in Azure Container Apps allows an unauthorized attacker to execute code over a network.
Microsoft Security Response Center Blog Alerts
CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability
Published December 19, 2025
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability
Published December 19, 2025
Information published.
CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability
Published December 19, 2025
Improper neutralization of input during web page generation (‘cross-site scripting’) in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability
Published December 19, 2025
Improper neutralization of input during web page generation (‘cross-site scripting’) in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published December 19, 2025
Information published.
CVE-2025-64676 Microsoft Purview eDiscovery Remote Code Execution Vulnerability
Published December 19, 2025
‘…/…//’ in Microsoft Purview allows an authorized attacker to execute code over a network.
CVE-2024-6485 XSS in Bootstrap button component
Published December 19, 2025
Information published.
CVE-2025-38131 coresight: prevent deactivate active config while enabling the config
Published December 19, 2025
Information published.
CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
Published December 19, 2025
Information published.
