From f41a8ca9df545faff21a48373e38b7fe36e78f73 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 11 Mar 2025 17:01:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/24xxx/CVE-2025-24993.json | 365 ++++++++++++++++++++++++++++++++- 2025/24xxx/CVE-2025-24994.json | 101 ++++++++- 2025/24xxx/CVE-2025-24995.json | 257 ++++++++++++++++++++++- 2025/24xxx/CVE-2025-24996.json | 329 ++++++++++++++++++++++++++++- 2025/24xxx/CVE-2025-24997.json | 173 +++++++++++++++- 2025/24xxx/CVE-2025-24998.json | 125 ++++++++++- 2025/25xxx/CVE-2025-25003.json | 113 +++++++++- 2025/25xxx/CVE-2025-25008.json | 149 +++++++++++++- 2025/26xxx/CVE-2025-26627.json | 65 +++++- 9 files changed, 1641 insertions(+), 36 deletions(-) diff --git a/2025/24xxx/CVE-2025-24993.json b/2025/24xxx/CVE-2025-24993.json index d1209e77eca..6db64cbf6b4 100644 --- a/2025/24xxx/CVE-2025-24993.json +++ b/2025/24xxx/CVE-2025-24993.json @@ -1,17 +1,374 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3328" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5608" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5039" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5608" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1486" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.10240.0", + "version_value": "10.0.10240.20947" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23168" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23168" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23168" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27618" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27618" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25368" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25368" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22470" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22470" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24994.json b/2025/24xxx/CVE-2025-24994.json index bcbd13281d0..2af4e03045f 100644 --- a/2025/24xxx/CVE-2025-24994.json +++ b/2025/24xxx/CVE-2025-24994.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24994", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5039" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24994", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24994" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24995.json b/2025/24xxx/CVE-2025-24995.json index 384813eee5e..0f51090de85 100644 --- a/2025/24xxx/CVE-2025-24995.json +++ b/2025/24xxx/CVE-2025-24995.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3328" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5608" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5039" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5608" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1486" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.10240.0", + "version_value": "10.0.10240.20947" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24995", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24995" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24996.json b/2025/24xxx/CVE-2025-24996.json index 6be714164b2..6f340a4c54c 100644 --- a/2025/24xxx/CVE-2025-24996.json +++ b/2025/24xxx/CVE-2025-24996.json @@ -1,17 +1,338 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3328" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5608" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5039" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5608" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1486" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.10240.0", + "version_value": "10.0.10240.20947" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27618" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27618" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25368" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25368" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22470" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22470" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24997.json b/2025/24xxx/CVE-2025-24997.json index 7e8565c6c32..6ea33954264 100644 --- a/2025/24xxx/CVE-2025-24997.json +++ b/2025/24xxx/CVE-2025-24997.json @@ -1,17 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3328" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5608" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5039" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5608" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5039" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1486" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24997", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24997" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 4.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24998.json b/2025/24xxx/CVE-2025-24998.json index b83431b5b9a..364cdc46d05 100644 --- a/2025/24xxx/CVE-2025-24998.json +++ b/2025/24xxx/CVE-2025-24998.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2022 version 17.13", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.13.3" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0", + "version_value": "17.12.6" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.9.0", + "version_value": "15.9.71" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.11.0", + "version_value": "16.11.45" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.8.0", + "version_value": "17.8.19" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.10.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/25xxx/CVE-2025-25003.json b/2025/25xxx/CVE-2025-25003.json index 29b8e831492..12c7676cf49 100644 --- a/2025/25xxx/CVE-2025-25003.json +++ b/2025/25xxx/CVE-2025-25003.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.11.0", + "version_value": "16.11.45" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.8.0", + "version_value": "17.8.19" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.10.12" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0", + "version_value": "17.12.6" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.13", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.13.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/25xxx/CVE-2025-25008.json b/2025/25xxx/CVE-2025-25008.json index e02f0fbf85f..2fd9e46a096 100644 --- a/2025/25xxx/CVE-2025-25008.json +++ b/2025/25xxx/CVE-2025-25008.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3328" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7876" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7009" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1486" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3476" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25008", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25008" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26627.json b/2025/26xxx/CVE-2025-26627.json index a2b4a1cbaa2..d6bf942b5f5 100644 --- a/2025/26xxx/CVE-2025-26627.json +++ b/2025/26xxx/CVE-2025-26627.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure ARC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] }