Autor: Peter Leibling

CVE-2025-60719 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.

CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2025-59510 Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability

Improper link resolution before file access (‚link following‘) in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.

CVE-2025-62199 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-62206 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.

CVE-2025-59512 Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.

CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.