cvelistv5 - cve-2025-60710

CVE-2025-60710 (GCVE-0-2025-60710)

Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2025-12-16 17:21

Title

Host Process for Windows Tasks Elevation of Privilege Vulnerability

Summary

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

microsoft

References

URL

Tags

https://msrc.microsoft.com/update-guide/vulnerabi…

vendor-advisory

Impacted products

Vendor

Product

Version

Microsoft

Windows Server 2025 (Server Core installation)

Affected: 10.0.26100.0 , < 10.0.26100.7462 (custom)

Microsoft	Windows 11 Version 25H2	Affected: 10.0.26200.0 , < 10.0.26200.7462 (custom)
Microsoft	Windows 11 Version 24H2	Affected: 10.0.26100.0 , < 10.0.26100.7462 (custom)
Microsoft	Windows Server 2025	Affected: 10.0.26100.0 , < 10.0.26100.7462 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-60710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T04:57:39.596311Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T15:40:49.287Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-16T17:21:13.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.7462",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 11 Version 25H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26200.7462",
              "status": "affected",
              "version": "10.0.26200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.7462",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.7462",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.7462",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26200.7462",
                  "versionStartIncluding": "10.0.26200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.7462",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.7462",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-11-11T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper link resolution before file access (\u0027link following\u0027) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T22:39:32.938Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Host Process for Windows Tasks Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
        }
      ],
      "title": "Host Process for Windows Tasks Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-60710",
    "datePublished": "2025-11-11T17:59:25.479Z",
    "dateReserved": "2025-09-26T05:03:24.536Z",
    "dateUpdated": "2025-12-16T17:21:13.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-60710\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-11-11T18:15:39.073\",\"lastModified\":\"2025-12-16T18:16:13.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper link resolution before file access (\u0027link following\u0027) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.26200.7092\",\"matchCriteriaId\":\"5A547AA3-FC6B-46D9-8D22-995C3CA33140\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-12-16T17:21:13.750Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-60710\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-12T04:57:39.596311Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-11T15:15:33.924Z\"}}], \"cna\": {\"title\": \"Host Process for Windows Tasks Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.7462\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 25H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26200.0\", \"lessThan\": \"10.0.26200.7462\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 24H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.7462\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.7462\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2025-11-11T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710\", \"name\": \"Host Process for Windows Tasks Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper link resolution before file access (\u0027link following\u0027) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.7462\", \"versionStartIncluding\": \"10.0.26100.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26200.7462\", \"versionStartIncluding\": \"10.0.26200.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.7462\", \"versionStartIncluding\": \"10.0.26100.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.7462\", \"versionStartIncluding\": \"10.0.26100.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-12-09T22:39:32.938Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-60710\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T17:21:13.750Z\", \"dateReserved\": \"2025-09-26T05:03:24.536Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-11-11T17:59:25.479Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0996

Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Microsoft indique que la vulnérabilité CVE-2025-62215 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.6575
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.21161
Microsoft	Windows	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows Server 2022 versions antérieures à 10.0.20348.4346
Microsoft	Windows	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.4346
Microsoft	Windows	Windows Subsystem pour Linux GUI versions antérieures à 2.6.2
Microsoft	Windows	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25768
Microsoft	Windows	Windows Server 2019 versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.6575
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.6575
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22631.6060
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.6199
Microsoft	Windows	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.6575
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.6575
Microsoft	Windows	Windows Server 2012 versions antérieures à 6.2.9200.25768
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.28021
Microsoft	Windows	Windows 11 Version 25H2 pour systèmes ARM64 versions antérieures à 10.0.26200.7092
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.6575
Microsoft	Windows	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows Server 2025 versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22631.6060
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22869
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.28021
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows Server 2016 versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1965
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.6199
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows 11 Version 25H2 pour systèmes x64 versions antérieures à 10.0.26200.7092
Microsoft	Windows	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.21161

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows CVE-2025-60721	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60707	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59514	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60716	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60717	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60720	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59510	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59509	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62219	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62213	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60708	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60706	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59513	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59506	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59515	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59507	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60714	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62215	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62209	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62208	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60715	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62220	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60723	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60719	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62217	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59512	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62452	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59505	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60724	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60704	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60713	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60710	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60709	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59511	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60703	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59508	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60718	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60705	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62218	2025-11-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.21161",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.4346",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.4346",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Subsystem pour Linux GUI versions ant\u00e9rieures \u00e0 2.6.2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25768",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.6060",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.6199",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25768",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.28021",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 25H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26200.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.6060",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22869",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.28021",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1965",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.6199",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 25H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26200.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.21161",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-60714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60714"
    },
    {
      "name": "CVE-2025-62209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62209"
    },
    {
      "name": "CVE-2025-62213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62213"
    },
    {
      "name": "CVE-2025-59507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59507"
    },
    {
      "name": "CVE-2025-60719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60719"
    },
    {
      "name": "CVE-2025-60709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60709"
    },
    {
      "name": "CVE-2025-62217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62217"
    },
    {
      "name": "CVE-2025-59510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59510"
    },
    {
      "name": "CVE-2025-60705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60705"
    },
    {
      "name": "CVE-2025-60716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60716"
    },
    {
      "name": "CVE-2025-62215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62215"
    },
    {
      "name": "CVE-2025-59514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59514"
    },
    {
      "name": "CVE-2025-62452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62452"
    },
    {
      "name": "CVE-2025-60704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60704"
    },
    {
      "name": "CVE-2025-60720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60720"
    },
    {
      "name": "CVE-2025-60724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60724"
    },
    {
      "name": "CVE-2025-60708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60708"
    },
    {
      "name": "CVE-2025-60723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60723"
    },
    {
      "name": "CVE-2025-60706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60706"
    },
    {
      "name": "CVE-2025-60718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60718"
    },
    {
      "name": "CVE-2025-60713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60713"
    },
    {
      "name": "CVE-2025-59505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59505"
    },
    {
      "name": "CVE-2025-59515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59515"
    },
    {
      "name": "CVE-2025-60707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60707"
    },
    {
      "name": "CVE-2025-62220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62220"
    },
    {
      "name": "CVE-2025-59513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59513"
    },
    {
      "name": "CVE-2025-59511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59511"
    },
    {
      "name": "CVE-2025-60715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60715"
    },
    {
      "name": "CVE-2025-62218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62218"
    },
    {
      "name": "CVE-2025-59508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59508"
    },
    {
      "name": "CVE-2025-60710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60710"
    },
    {
      "name": "CVE-2025-59509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59509"
    },
    {
      "name": "CVE-2025-59506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59506"
    },
    {
      "name": "CVE-2025-62208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62208"
    },
    {
      "name": "CVE-2025-60721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60721"
    },
    {
      "name": "CVE-2025-62219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62219"
    },
    {
      "name": "CVE-2025-60717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60717"
    },
    {
      "name": "CVE-2025-60703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60703"
    },
    {
      "name": "CVE-2025-59512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59512"
    }
  ],
  "initial_release_date": "2025-11-12T00:00:00",
  "last_revision_date": "2025-11-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0996",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2025-62215 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60721",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60721"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60707",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60707"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59514",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59514"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60716",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60716"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60717",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60717"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60720",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60720"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59510",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59510"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59509",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59509"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62219"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62213"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60708",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60708"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60706",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60706"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59513",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59513"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59506",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59506"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59515",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59515"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59507",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59507"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60714",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60714"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62208",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60715",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60715"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62220"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60723",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60723"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60719",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60719"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62217"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59512",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59512"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62452",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62452"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59505",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59505"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60724",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60704",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60704"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60713",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60713"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60710",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60709",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60709"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59511",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59511"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60703",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60703"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59508",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59508"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60718",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60718"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60705",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60705"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62218"
    }
  ]
}

CERTFR-2025-AVI-0996

Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12

Microsoft indique que la vulnérabilité CVE-2025-62215 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.6575
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.21161
Microsoft	Windows	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows Server 2022 versions antérieures à 10.0.20348.4346
Microsoft	Windows	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.4346
Microsoft	Windows	Windows Subsystem pour Linux GUI versions antérieures à 2.6.2
Microsoft	Windows	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25768
Microsoft	Windows	Windows Server 2019 versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.6575
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.6575
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22631.6060
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.6199
Microsoft	Windows	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.6575
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.6575
Microsoft	Windows	Windows Server 2012 versions antérieures à 6.2.9200.25768
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.28021
Microsoft	Windows	Windows 11 Version 25H2 pour systèmes ARM64 versions antérieures à 10.0.26200.7092
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.6575
Microsoft	Windows	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows Server 2025 versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22631.6060
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22869
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.28021
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows Server 2016 versions antérieures à 10.0.14393.8594
Microsoft	Windows	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1965
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23624
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.7092
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.6199
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.8027
Microsoft	Windows	Windows 11 Version 25H2 pour systèmes x64 versions antérieures à 10.0.26200.7092
Microsoft	Windows	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.21161

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows CVE-2025-60721	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60707	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59514	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60716	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60717	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60720	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59510	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59509	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62219	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62213	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60708	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60706	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59513	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59506	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59515	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59507	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60714	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62215	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62209	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62208	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60715	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62220	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60723	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60719	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62217	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59512	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62452	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59505	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60724	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60704	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60713	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60710	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60709	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59511	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60703	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59508	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60718	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-60705	2025-11-11	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-62218	2025-11-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.21161",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.4346",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.4346",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Subsystem pour Linux GUI versions ant\u00e9rieures \u00e0 2.6.2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25768",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.6060",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.6199",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25768",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.28021",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 25H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26200.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.6575",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.6060",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22869",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.28021",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.8594",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1965",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.23624",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.6199",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.8027",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 25H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26200.7092",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.21161",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-60714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60714"
    },
    {
      "name": "CVE-2025-62209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62209"
    },
    {
      "name": "CVE-2025-62213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62213"
    },
    {
      "name": "CVE-2025-59507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59507"
    },
    {
      "name": "CVE-2025-60719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60719"
    },
    {
      "name": "CVE-2025-60709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60709"
    },
    {
      "name": "CVE-2025-62217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62217"
    },
    {
      "name": "CVE-2025-59510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59510"
    },
    {
      "name": "CVE-2025-60705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60705"
    },
    {
      "name": "CVE-2025-60716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60716"
    },
    {
      "name": "CVE-2025-62215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62215"
    },
    {
      "name": "CVE-2025-59514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59514"
    },
    {
      "name": "CVE-2025-62452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62452"
    },
    {
      "name": "CVE-2025-60704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60704"
    },
    {
      "name": "CVE-2025-60720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60720"
    },
    {
      "name": "CVE-2025-60724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60724"
    },
    {
      "name": "CVE-2025-60708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60708"
    },
    {
      "name": "CVE-2025-60723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60723"
    },
    {
      "name": "CVE-2025-60706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60706"
    },
    {
      "name": "CVE-2025-60718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60718"
    },
    {
      "name": "CVE-2025-60713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60713"
    },
    {
      "name": "CVE-2025-59505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59505"
    },
    {
      "name": "CVE-2025-59515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59515"
    },
    {
      "name": "CVE-2025-60707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60707"
    },
    {
      "name": "CVE-2025-62220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62220"
    },
    {
      "name": "CVE-2025-59513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59513"
    },
    {
      "name": "CVE-2025-59511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59511"
    },
    {
      "name": "CVE-2025-60715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60715"
    },
    {
      "name": "CVE-2025-62218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62218"
    },
    {
      "name": "CVE-2025-59508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59508"
    },
    {
      "name": "CVE-2025-60710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60710"
    },
    {
      "name": "CVE-2025-59509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59509"
    },
    {
      "name": "CVE-2025-59506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59506"
    },
    {
      "name": "CVE-2025-62208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62208"
    },
    {
      "name": "CVE-2025-60721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60721"
    },
    {
      "name": "CVE-2025-62219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62219"
    },
    {
      "name": "CVE-2025-60717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60717"
    },
    {
      "name": "CVE-2025-60703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60703"
    },
    {
      "name": "CVE-2025-59512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59512"
    }
  ],
  "initial_release_date": "2025-11-12T00:00:00",
  "last_revision_date": "2025-11-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0996",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2025-62215 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60721",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60721"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60707",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60707"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59514",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59514"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60716",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60716"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60717",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60717"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60720",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60720"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59510",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59510"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59509",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59509"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62219"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62213"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60708",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60708"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60706",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60706"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59513",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59513"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59506",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59506"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59515",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59515"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59507",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59507"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60714",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60714"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62208",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60715",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60715"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62220"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60723",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60723"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60719",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60719"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62217"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59512",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59512"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62452",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62452"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59505",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59505"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60724",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60704",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60704"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60713",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60713"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60710",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60709",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60709"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59511",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59511"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60703",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60703"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59508",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59508"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60718",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60718"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-60705",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60705"
    },
    {
      "published_at": "2025-11-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-62218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62218"
    }
  ]
}

FKIE_CVE-2025-60710

Vulnerability from fkie_nvd - Published: 2025-11-11 18:15 - Updated: 2025-12-16 18:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

References

URL	Tags
secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks

Impacted products

	Vendor	Product	Version
	microsoft	windows_11_25h2	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A547AA3-FC6B-46D9-8D22-995C3CA33140",
              "versionEndExcluding": "10.0.26200.7092",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper link resolution before file access (\u0027link following\u0027) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally."
    }
  ],
  "id": "CVE-2025-60710",
  "lastModified": "2025-12-16T18:16:13.323",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-11T18:15:39.073",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

GHSA-WMGF-G9PC-MVH3

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-12-16 18:31

Details

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-60710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T18:15:39Z",
    "severity": "HIGH"
  },
  "details": "Improper link resolution before file access (\u0027link following\u0027) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-wmgf-g9pc-mvh3",
  "modified": "2025-12-16T18:31:31Z",
  "published": "2025-11-11T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60710"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2025-0358

Vulnerability from csaf_ncscnl - Published: 2025-11-11 18:29 - Updated: 2025-11-11 18:29

Summary

Kwetsbaartheden verholpen in Microsoft Windows

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Microsoft heeft kwetsbaarheden verholpen in Windows.

Interpretaties

Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service - Uitvoeren van willekeurige code (root/adminrechten) - Toegang tot gevoelige gegevens - Verkrijgen van verhoogde rechten De ernstigste kwetsbaarheid heeft kenmerk CVE-2025-60724 toegewezen gekregen en bevindt zich in de GDI+ Graphics Component. Deze kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren op het kwetsbare systeem. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te downloaden en te openen. In beperkte omstandigheden is het voor een kwaadwillende ook mogelijk om de kwetsbaarheid te misbruiken op bijvoorbeeld een publiek toegankelijke webservice, door het uploaden van een malfide bestand. Hiervoor is verder geen gebruikerinteractie benodigd. ``` Windows DirectX: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59506 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-60716 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-60723 | 6.30 | Denial-of-Service | |----------------|------|-------------------------------------| Windows Administrator Protection: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60718 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2025-60721 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Customer Experience Improvement Program (CEIP): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59512 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Bluetooth RFCOM Protocol Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59513 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows License Manager: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-62208 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2025-62209 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Remote Desktop: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60703 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Routing and Remote Access Service (RRAS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59510 | 5.50 | Denial-of-Service | | CVE-2025-62452 | 8.00 | Uitvoeren van willekeurige code | | CVE-2025-60713 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2025-60715 | 8.00 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Role: Windows Hyper-V: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60706 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Speech: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59507 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-59508 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-59509 | 5.50 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Multimedia Class Scheduler Service (MMCSS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60707 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Smart Card: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59505 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows TDX.sys: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60720 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows OLE: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60714 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Kernel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-62215 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows WLAN Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59511 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Streaming Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59514 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Host Process for Windows Tasks: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60710 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Client-Side Caching (CSC) Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60705 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Broadcast DVR User Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-59515 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-60717 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Ancillary Function Driver for WinSock: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60719 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-62217 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-62213 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Common Log File System Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60709 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Wireless Provisioning System: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-62218 | 7.00 | Verkrijgen van verhoogde rechten | | CVE-2025-62219 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Graphics Component: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60724 | 9.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Kerberos: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60704 | 7.50 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Storvsp.sys Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-60708 | 6.50 | Denial-of-Service | |----------------|------|-------------------------------------| ```

Oplossingen

Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans

medium

Schade

high

CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-73

External Control of File Name or Path

CWE-122

Heap-based Buffer Overflow

CWE-125

Out-of-bounds Read

CWE-126

Buffer Over-read

CWE-201

Insertion of Sensitive Information Into Sent Data

CWE-269

Improper Privilege Management

CWE-270

Privilege Context Switching Error

CWE-284

Improper Access Control

CWE-325

Missing Cryptographic Step

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-415

Double Free

CWE-416

Use After Free

CWE-426

Untrusted Search Path

CWE-532

Insertion of Sensitive Information into Log File

CWE-822

Untrusted Pointer Dereference

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in Windows.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service\n- Uitvoeren van willekeurige code (root/adminrechten)\n- Toegang tot gevoelige gegevens\n- Verkrijgen van verhoogde rechten\n\nDe ernstigste kwetsbaarheid heeft kenmerk CVE-2025-60724 toegewezen gekregen en bevindt zich in de GDI+ Graphics Component. Deze kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren op het kwetsbare systeem. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te downloaden en te openen.\nIn beperkte omstandigheden is het voor een kwaadwillende ook mogelijk om de kwetsbaarheid te misbruiken op bijvoorbeeld een publiek toegankelijke webservice, door het uploaden van een malfide bestand. Hiervoor is verder geen gebruikerinteractie benodigd.\n\n```\nWindows DirectX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59506 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-60716 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-60723 | 6.30 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Administrator Protection: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60718 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-60721 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nCustomer Experience Improvement Program (CEIP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59512 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth RFCOM Protocol Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59513 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows License Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-62208 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2025-62209 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60703 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59510 | 5.50 | Denial-of-Service                   | \n| CVE-2025-62452 | 8.00 | Uitvoeren van willekeurige code     | \n| CVE-2025-60713 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-60715 | 8.00 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nRole: Windows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60706 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Speech: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59507 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-59508 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-59509 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nMultimedia Class Scheduler Service (MMCSS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60707 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Smart Card: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59505 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows TDX.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60720 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows OLE: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60714 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-62215 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows WLAN Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59511 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Streaming Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59514 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nHost Process for Windows Tasks: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60710 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Client-Side Caching (CSC) Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60705 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Broadcast DVR User Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-59515 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-60717 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60719 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-62217 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-62213 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60709 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Wireless Provisioning System: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-62218 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-62219 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60724 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60704 | 7.50 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nStorvsp.sys Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-60708 | 6.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n```\n",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
        "title": "CWE-59"
      },
      {
        "category": "general",
        "text": "External Control of File Name or Path",
        "title": "CWE-73"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Buffer Over-read",
        "title": "CWE-126"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      },
      {
        "category": "general",
        "text": "Privilege Context Switching Error",
        "title": "CWE-270"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Missing Cryptographic Step",
        "title": "CWE-325"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Untrusted Search Path",
        "title": "CWE-426"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaartheden verholpen in Microsoft Windows",
    "tracking": {
      "current_release_date": "2025-11-11T18:29:38.918562Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0358",
      "initial_release_date": "2025-11-11T18:29:38.918562Z",
      "revision_history": [
        {
          "date": "2025-11-11T18:29:38.918562Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1607 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1607 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1809 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1809 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 22H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 22H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 23H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 23H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for 32-bit Systems Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for x64-based Systems Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-29"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-30"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-31"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-32"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-33"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-34"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-35"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-36"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-37"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022, 23H2 Edition (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-38"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-39"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025 (Server Core installation)"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59505",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Smart Card allows an authorized attacker to locally elevate privileges via a double free error.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59505 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59505.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59505"
    },
    {
      "cve": "CVE-2025-59506",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in Windows DirectX due to improper synchronization enables an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59506 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59506.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59506"
    },
    {
      "cve": "CVE-2025-59507",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Speech allows an authorized attacker to locally elevate privileges through improper synchronization when executing concurrently with shared resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59507 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59507.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59507"
    },
    {
      "cve": "CVE-2025-59508",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in Windows Speech allows an authorized attacker to locally elevate privileges through improper synchronization when executing concurrently with shared resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59508 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59508.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59508"
    },
    {
      "cve": "CVE-2025-59509",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "description",
          "text": "An authorized attacker can exploit Windows Speech to insert sensitive information into sent data, resulting in local information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59509 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59509.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59509"
    },
    {
      "cve": "CVE-2025-59510",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to locally deny service through improper link resolution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59510 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59510.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59510"
    },
    {
      "cve": "CVE-2025-59511",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        },
        {
          "category": "description",
          "text": "An external control vulnerability in the Windows WLAN Service allows an authorized attacker to locally elevate their privileges through manipulation of file names or paths.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59511"
    },
    {
      "cve": "CVE-2025-59512",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "The document identifies a vulnerability in the Customer Experience Improvement Program (CEIP) that allows an authorized attacker to exploit improper access control for elevated privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59512 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59512.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59512"
    },
    {
      "cve": "CVE-2025-59513",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to locally disclose sensitive information through an out-of-bounds read.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59513 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59513.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59513"
    },
    {
      "cve": "CVE-2025-60703",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Remote Desktop allows an authorized attacker to exploit an untrusted pointer dereference, enabling local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60703 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60703.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60703"
    },
    {
      "cve": "CVE-2025-60704",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Kerberos allows unauthorized attackers to gain elevated privileges over a network due to a missing cryptographic step.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60704 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60704.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60704"
    },
    {
      "cve": "CVE-2025-60705",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "The document highlights a vulnerability in the Windows Client-Side Caching (CSC) Service that allows an authorized attacker to achieve elevated local privileges due to improper access control.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60705 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60705.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60705"
    },
    {
      "cve": "CVE-2025-60707",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Multimedia Class Scheduler Service (MMCSS) enables an authorized attacker to locally elevate privileges via a use-after-free exploit.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60707 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60707.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60707"
    },
    {
      "cve": "CVE-2025-60709",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Common Log File System Driver allows an authorized attacker to locally elevate their privileges through an out-of-bounds read.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60709 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60709.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60709"
    },
    {
      "cve": "CVE-2025-60719",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to locally elevate their privileges through an untrusted pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60719 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60719.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60719"
    },
    {
      "cve": "CVE-2025-62217",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to locally elevate privileges due to improper synchronization during concurrent execution with a shared resource.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62217 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62217.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62217"
    },
    {
      "cve": "CVE-2025-62218",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in Microsoft Wireless Provisioning System allows an authorized attacker to locally elevate privileges due to improper synchronization in concurrent execution using shared resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62218 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62218.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62218"
    },
    {
      "cve": "CVE-2025-62219",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Microsoft Wireless Provisioning System allows an authorized attacker to locally elevate privileges via a double free error.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62219 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62219.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62219"
    },
    {
      "cve": "CVE-2025-59514",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        },
        {
          "category": "description",
          "text": "Improper privilege management in Microsoft Streaming Service allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59514 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59514.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59514"
    },
    {
      "cve": "CVE-2025-59515",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Broadcast DVR User Service enables an authorized attacker to locally elevate privileges via a use-after-free exploit.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59515 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59515.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-59515"
    },
    {
      "cve": "CVE-2025-60713",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to locally elevate their privileges through untrusted pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60713 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60713.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60713"
    },
    {
      "cve": "CVE-2025-60714",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows OLE allows unauthorized attackers to execute code locally, posing significant security risks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60714 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60714.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60714"
    },
    {
      "cve": "CVE-2025-60715",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code remotely, posing significant security risks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60715 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60715.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60715"
    },
    {
      "cve": "CVE-2025-60716",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Windows DirectX allows an authorized attacker to locally elevate privileges via a use-after-free exploit.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60716 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60716.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60716"
    },
    {
      "cve": "CVE-2025-60717",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Broadcast DVR User Service enables an authorized attacker to locally elevate privileges via a use-after-free exploit.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60717 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60717.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60717"
    },
    {
      "cve": "CVE-2025-60720",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Over-read",
          "title": "CWE-126"
        },
        {
          "category": "description",
          "text": "A buffer over-read vulnerability in Windows TDX.sys allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60720 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60720.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60720"
    },
    {
      "cve": "CVE-2025-60723",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A race condition in Windows DirectX allows an authorized attacker to exploit concurrent execution with shared resources, potentially resulting in a denial of service over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60723 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60723.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60723"
    },
    {
      "cve": "CVE-2025-60724",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Microsoft Graphics Component allows unauthorized attackers to execute code remotely.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60724 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60724.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60724"
    },
    {
      "cve": "CVE-2025-62208",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        },
        {
          "category": "description",
          "text": "The Windows License Manager\u0027s log file vulnerability allows authorized attackers to locally disclose sensitive information, posing a risk to data integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62208 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62208.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62208"
    },
    {
      "cve": "CVE-2025-62209",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        },
        {
          "category": "description",
          "text": "The Windows License Manager\u0027s log file vulnerability allows authorized attackers to locally disclose sensitive information, posing a risk to data integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62209 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62209.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62209"
    },
    {
      "cve": "CVE-2025-62215",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "A race condition in the Windows Kernel allows authorized attackers to locally elevate their privileges due to improper synchronization of shared resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62215 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62215.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62215"
    },
    {
      "cve": "CVE-2025-62213",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to locally elevate their privileges through a use-after-free condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62213 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62213.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62213"
    },
    {
      "cve": "CVE-2025-60706",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Windows Hyper-V allows an authorized attacker to locally disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60706 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60706.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60706"
    },
    {
      "cve": "CVE-2025-60708",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "An untrusted pointer dereference vulnerability in the Storvsp.sys driver allows an authorized attacker to locally induce a denial of service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60708 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60708.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60708"
    },
    {
      "cve": "CVE-2025-62452",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code remotely, posing significant security risks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62452 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62452.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-62452"
    },
    {
      "cve": "CVE-2025-60710",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "description",
          "text": "A vulnerability in the Host Process for Windows Tasks allows an authorized attacker to locally elevate privileges due to improper link resolution before file access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60710 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60710.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60710"
    },
    {
      "cve": "CVE-2025-60718",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Search Path",
          "title": "CWE-426"
        },
        {
          "category": "description",
          "text": "The document highlights a vulnerability in Windows Administrator Protection that allows an authorized attacker to locally escalate privileges due to an untrusted search path issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60718 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60718.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60718"
    },
    {
      "cve": "CVE-2025-60721",
      "cwe": {
        "id": "CWE-270",
        "name": "Privilege Context Switching Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Privilege Context Switching Error",
          "title": "CWE-270"
        },
        {
          "category": "description",
          "text": "A privilege context switching error in Windows Administrator Protection allows an authorized attacker to locally elevate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60721 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60721.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39"
          ]
        }
      ],
      "title": "CVE-2025-60721"
    }
  ]
}

WID-SEC-W-2025-2564

Vulnerability from csaf_certbund - Published: 2025-11-11 23:00 - Updated: 2025-12-22 23:00

Summary

Microsoft Windows und Windows Server: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Windows ist ein Betriebssystem von Microsoft. Windows Server 2016 ist ein Betriebssystem von Microsoft. Windows Server 2019 ist ein Betriebssystem von Microsoft.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server ausnutzen, um beliebigen Programmcode auszuführen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, und um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Windows ist ein Betriebssystem von Microsoft.\r\nWindows Server 2016 ist ein Betriebssystem von Microsoft.\r\nWindows Server 2019 ist ein Betriebssystem von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows und Microsoft Windows Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um seine Privilegien zu erh\u00f6hen, um Informationen offenzulegen, und um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2564 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2564.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2564 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2564"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-312 vom 2025-12-22",
        "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2025/11.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Windows und Windows Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-22T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-23T08:35:04.282+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2564",
      "initial_release_date": "2025-11-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-13T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: ZDI-25-1001, ZDI-CAN-27263"
        },
        {
          "date": "2025-12-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von HITACHI aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Storage",
            "product": {
              "name": "Hitachi Storage",
              "product_id": "T009295",
              "product_identification_helper": {
                "cpe": "cpe:/h:hitachi:storage:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Version 1607",
                "product": {
                  "name": "Microsoft Windows 10 Version 1607",
                  "product_id": "T042601",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_1607"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 1809",
                "product": {
                  "name": "Microsoft Windows 10 Version 1809",
                  "product_id": "T042602",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_1809"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 21H2",
                "product": {
                  "name": "Microsoft Windows 10 Version 21H2",
                  "product_id": "T042606",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_21h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 22H2",
                "product": {
                  "name": "Microsoft Windows 10 Version 22H2",
                  "product_id": "T042608",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_22h2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Windows 10",
                "product": {
                  "name": "Microsoft Windows 10",
                  "product_id": "T047095",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Version 25H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 25H2",
                  "product_id": "T025567",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:windows_terminal"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 22H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 22H2",
                  "product_id": "T042607",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:version_22h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 23H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 23H2",
                  "product_id": "T042609",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:version_23h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 24H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 24H2",
                  "product_id": "T042611",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:version_24h2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2008 SP2",
                "product": {
                  "name": "Microsoft Windows Server 2008 SP2",
                  "product_id": "T042596",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server:2008_sp2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2008 R2 SP1",
                "product": {
                  "name": "Microsoft Windows Server 2008 R2 SP1",
                  "product_id": "T045208",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server:2008_r2_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server"
          },
          {
            "category": "product_name",
            "name": "Microsoft Windows Server 2012",
            "product": {
              "name": "Microsoft Windows Server 2012",
              "product_id": "T043730",
              "product_identification_helper": {
                "cpe": "cpe:/o:microsoft:windows_server_2012:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Windows Server 2012 R2",
            "product": {
              "name": "Microsoft Windows Server 2012 R2",
              "product_id": "T043731",
              "product_identification_helper": {
                "cpe": "cpe:/o:microsoft:windows_server_2012_r2:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Windows Server 2016",
            "product": {
              "name": "Microsoft Windows Server 2016",
              "product_id": "T042600",
              "product_identification_helper": {
                "cpe": "cpe:/o:microsoft:windows_server_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Windows Server 2019",
            "product": {
              "name": "Microsoft Windows Server 2019",
              "product_id": "T042603",
              "product_identification_helper": {
                "cpe": "cpe:/o:microsoft:windows_server_2019:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "23H2 Edition",
                "product": {
                  "name": "Microsoft Windows Server 2022 23H2 Edition",
                  "product_id": "T042610",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:23h2_edition"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Windows Server 2022",
                "product": {
                  "name": "Microsoft Windows Server 2022",
                  "product_id": "T047093",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022"
          },
          {
            "category": "product_name",
            "name": "Microsoft Windows Server 2025",
            "product": {
              "name": "Microsoft Windows Server 2025",
              "product_id": "T047092",
              "product_identification_helper": {
                "cpe": "cpe:/o:microsoft:windows_server_2025:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59505",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59505"
    },
    {
      "cve": "CVE-2025-59506",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59506"
    },
    {
      "cve": "CVE-2025-59507",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59507"
    },
    {
      "cve": "CVE-2025-59508",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59508"
    },
    {
      "cve": "CVE-2025-59509",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59509"
    },
    {
      "cve": "CVE-2025-59510",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59510"
    },
    {
      "cve": "CVE-2025-59511",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59511"
    },
    {
      "cve": "CVE-2025-59512",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59512"
    },
    {
      "cve": "CVE-2025-59513",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59513"
    },
    {
      "cve": "CVE-2025-59514",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59514"
    },
    {
      "cve": "CVE-2025-59515",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-59515"
    },
    {
      "cve": "CVE-2025-60703",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60703"
    },
    {
      "cve": "CVE-2025-60704",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60704"
    },
    {
      "cve": "CVE-2025-60705",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60705"
    },
    {
      "cve": "CVE-2025-60706",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60706"
    },
    {
      "cve": "CVE-2025-60707",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60707"
    },
    {
      "cve": "CVE-2025-60708",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60708"
    },
    {
      "cve": "CVE-2025-60709",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60709"
    },
    {
      "cve": "CVE-2025-60710",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60710"
    },
    {
      "cve": "CVE-2025-60713",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60713"
    },
    {
      "cve": "CVE-2025-60714",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60714"
    },
    {
      "cve": "CVE-2025-60715",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60715"
    },
    {
      "cve": "CVE-2025-60716",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60716"
    },
    {
      "cve": "CVE-2025-60717",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60717"
    },
    {
      "cve": "CVE-2025-60718",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60718"
    },
    {
      "cve": "CVE-2025-60719",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60719"
    },
    {
      "cve": "CVE-2025-60720",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60720"
    },
    {
      "cve": "CVE-2025-60721",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60721"
    },
    {
      "cve": "CVE-2025-60723",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60723"
    },
    {
      "cve": "CVE-2025-60724",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-60724"
    },
    {
      "cve": "CVE-2025-62208",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62208"
    },
    {
      "cve": "CVE-2025-62209",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62209"
    },
    {
      "cve": "CVE-2025-62213",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62213"
    },
    {
      "cve": "CVE-2025-62215",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62215"
    },
    {
      "cve": "CVE-2025-62217",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62217"
    },
    {
      "cve": "CVE-2025-62218",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62218"
    },
    {
      "cve": "CVE-2025-62219",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62219"
    },
    {
      "cve": "CVE-2025-62452",
      "product_status": {
        "known_affected": [
          "T047092",
          "T047093",
          "T047095",
          "T042606",
          "T042607",
          "T042608",
          "T042609",
          "T042596",
          "T043730",
          "T043731",
          "T042610",
          "T042600",
          "T042611",
          "T045208",
          "T042601",
          "T042602",
          "T042603",
          "T009295",
          "T025567"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-62452"
    }
  ]
}

MSRC_CVE-2025-60710

Vulnerability from csaf_microsoft - Published: 2025-11-11 08:00 - Updated: 2025-12-09 08:00

Summary

Host Process for Windows Tasks Elevation of Privilege Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "\u003ca href=\"https://twitter.com/filip_dragovic\"\u003eFilip Dragovi\u0107\u003c/a\u003e"
        ]
      },
      {
        "names": [
          "\u003ca href=\"https://twitter.com/filip_dragovic\"\u003eFilip Dragovi\u0107\u003c/a\u003e"
        ]
      },
      {
        "names": [
          "Joel Land of CISA Vulnerability Response and Coordination"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
      },
      {
        "category": "self",
        "summary": "CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-60710.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Host Process for Windows Tasks Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2025-12-09T08:00:00.000Z",
      "generator": {
        "date": "2025-12-09T22:38:28.037Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-60710",
      "initial_release_date": "2025-11-11T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-11-11T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-12-09T08:00:00.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "The following updates have been made: \n\n1. To comprehensively address CVE-2025-60710, Microsoft has released December 2025 security updates for all supported editions of Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows Server 2025. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.\n2. Added a Workaround for customers running Windows Server 2025, in the event they cannot immediately install the update."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.7462",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) \u003c10.0.26100.7462",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.7462",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) 10.0.26100.7462",
              "product_id": "12437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26200.7462",
            "product": {
              "name": "Windows 11 Version 25H2 for ARM64-based Systems \u003c10.0.26200.7462",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26200.7462",
            "product": {
              "name": "Windows 11 Version 25H2 for ARM64-based Systems 10.0.26200.7462",
              "product_id": "20437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 25H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26200.7462",
            "product": {
              "name": "Windows 11 Version 25H2 for x64-based Systems \u003c10.0.26200.7462",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26200.7462",
            "product": {
              "name": "Windows 11 Version 25H2 for x64-based Systems 10.0.26200.7462",
              "product_id": "20438"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 25H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.7462",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems \u003c10.0.26100.7462",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.7462",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.7462",
              "product_id": "12389"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.7462",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems \u003c10.0.26100.7462",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.7462",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems 10.0.26100.7462",
              "product_id": "12390"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.7462",
            "product": {
              "name": "Windows Server 2025 \u003c10.0.26100.7462",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.7462",
            "product": {
              "name": "Windows Server 2025 10.0.26100.7462",
              "product_id": "12436"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-60710",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.",
          "title": "What privileges could be gained by an attacker who successfully exploited this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "12389",
          "12390",
          "12436",
          "12437",
          "20437",
          "20438"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
        },
        {
          "category": "self",
          "summary": "CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-60710.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-11T08:00:00.000Z",
          "details": "10.0.26100.7462:Security Update:https://support.microsoft.com/help/5072033",
          "product_ids": [
            "3",
            "6",
            "5",
            "4"
          ],
          "url": "https://support.microsoft.com/help/5072033"
        },
        {
          "category": "vendor_fix",
          "date": "2025-11-11T08:00:00.000Z",
          "details": "10.0.26100.7392:Security Hotpatch Update:https://support.microsoft.com/help/5072014",
          "product_ids": [
            "3",
            "6",
            "5",
            "4"
          ],
          "url": "https://support.microsoft.com/help/5072014"
        },
        {
          "category": "vendor_fix",
          "date": "2025-11-11T08:00:00.000Z",
          "details": "10.0.26200.7462:Security Update:https://support.microsoft.com/help/5072033",
          "product_ids": [
            "2",
            "1"
          ],
          "url": "https://support.microsoft.com/help/5072033"
        },
        {
          "category": "vendor_fix",
          "date": "2025-11-11T08:00:00.000Z",
          "details": "10.0.26200.7392:Security Hotpatch Update:https://support.microsoft.com/help/5072014",
          "product_ids": [
            "2",
            "1"
          ],
          "url": "https://support.microsoft.com/help/5072014"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Host Process for Windows Tasks Elevation of Privilege Vulnerability"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-60710 (GCVE-0-2025-60710)

CERTFR-2025-AVI-0996

Solutions

CERTFR-2025-AVI-0996

Solutions

FKIE_CVE-2025-60710

GHSA-WMGF-G9PC-MVH3

NCSC-2025-0358

WID-SEC-W-2025-2564

MSRC_CVE-2025-60710

Tags

Sightings

Nomenclature