
Microsoft Patch Tuesday for November 2025

Published: 2025-11-11. Last Updated: 2025-11-11 19:24:30 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Today's Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical.

Notable Vulnerabilities:

CVE-2025-62215: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more complex attack chain; however, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities.

CVE-2025-60724: A critical GDI+ remote code execution vulnerability. GDI+ parses various graphics files. The attack surface is likely huge, as anything in Windows (browsers, email, and Office documents) will use this library at some point to display images. We also have a critical vulnerability in DirectX, CVE-2025-60716. Microsoft classifies this as a privilege escalation issue, yet still rates it as critical.

CVE-2025-62199: A code execution vulnerability in Microsoft Office. Another component with a huge attack surface that is often exploited.

Given the number and type of vulnerabilities, I would consider this Patch Tuesday "lighter than normal". There are no "Patch Now" vulnerabilities, and I suggest applying these patches in accordance with your vulnerability management program.

 

Description
Columns for each CVE row: CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
CVE-2025-62222 No No - - Important 8.8 7.7
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
CVE-2025-60753 No No - - Moderate 5.5 5.2
Azure Monitor Agent Remote Code Execution Vulnerability
CVE-2025-59504 No No - - Important 7.3 6.4
Configuration Manager Elevation of Privilege Vulnerability
CVE-2025-47179 No No - - Important 6.7 5.8
Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
CVE-2025-59512 No No - - Important 7.8 6.8
DirectX Graphics Kernel Denial of Service Vulnerability
CVE-2025-60723 No No - - Important 6.3 5.5
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-59506 No No - - Important 7.0 6.1
CVE-2025-60716 No No - - Critical 7.0 6.1
Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE-2025-62210 No No - - Important 8.7 7.6
CVE-2025-62211 No No - - Important 8.7 7.6
GDI+ Remote Code Execution Vulnerability
CVE-2025-60724 No No - - Critical 9.8 8.5
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE-2025-62453 No No - - Important 5.0 4.4
Host Process for Windows Tasks Elevation of Privilege Vulnerability
CVE-2025-60710 No No - - Important 7.8 6.8
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
CVE-2025-64432 No No - - Moderate 4.7 4.5
KubeVirt Arbitrary Container File Read
CVE-2025-64433 No No - - Moderate 6.5 6.2
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
CVE-2025-64436 No No - - Moderate    
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
CVE-2025-64434 No No - - Moderate 4.7 4.5
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
CVE-2025-64437 No No - - Moderate 5.0 4.7
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
CVE-2025-64435 No No - - Moderate 5.3 5.0
Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2
CVE-2025-12863 No No - - Important 7.5 7.1
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2025-62206 No No - - Important 6.5 5.7
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-60726 No No - - Important 7.1 6.2
CVE-2025-60728 No No - - Important 4.3 3.8
CVE-2025-59240 No No - - Important 5.5 4.8
CVE-2025-62202 No No - - Important 7.1 6.2
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-60727 No No - - Important 7.8 6.8
CVE-2025-62200 No No - - Important 7.8 6.8
CVE-2025-62201 No No - - Important 7.8 6.8
CVE-2025-62203 No No - - Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199 No No - - Critical 7.8 6.8
CVE-2025-62216 No No - - Important 7.8 6.8
CVE-2025-62205 No No - - Important 7.8 6.8
Microsoft OneDrive for Android Elevation of Privilege Vulnerability
CVE-2025-60722 No No - - Important 6.5 5.7
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-59499 No No - - Important 8.8 7.7
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-62204 No No - - Important 8.0 7.0
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2025-59514 No No - - Important 7.8 6.8
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
CVE-2025-62449 No No - - Important 6.8 5.9
Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE-2025-62218 No No - - Important 7.0 6.1
CVE-2025-62219 No No - - Important 7.0 6.1
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
CVE-2025-60707 No No - - Important 7.8 6.8
Nuance PowerScribe 360 Information Disclosure Vulnerability
CVE-2025-30398 No No - - Critical 8.1 7.1
Storvsp.sys Driver Denial of Service Vulnerability
CVE-2025-60708 No No - - Important 6.5 5.7
Visual Studio Remote Code Execution Vulnerability
CVE-2025-62214 No No - - Critical 6.7 5.8
Windows Administrator Protection Elevation of Privilege Vulnerability
CVE-2025-60718 No No - - Important 7.8 6.8
CVE-2025-60721 No No - - Important 7.8 6.9
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60719 No No - - Important 7.0 6.1
CVE-2025-62217 No No - - Important 7.0 6.1
CVE-2025-62213 No No - - Important 7.0 6.1
Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
CVE-2025-59513 No No - - Important 5.5 4.8
Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
CVE-2025-59515 No No - - Important 7.0 6.1
CVE-2025-60717 No No - - Important 7.0 6.1
Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2025-60705 No No - - Important 7.8 6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-60709 No No - - Important 7.8 6.8
Windows Hyper-V Information Disclosure Vulnerability
CVE-2025-60706 No No - - Important 5.5 4.8
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-60704 No No - - Important 7.5 6.5
Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-62215 No Yes - - Important 7.0 6.5
Windows License Manager Information Disclosure Vulnerability
CVE-2025-62208 No No - - Important 5.5 4.8
CVE-2025-62209 No No - - Important 5.5 4.8
Windows OLE Remote Code Execution Vulnerability
CVE-2025-60714 No No - - Important 7.8 6.8
Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-60703 No No - - Important 7.8 6.8
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
CVE-2025-59510 No No - - Important 5.5 4.8
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2025-60713 No No - - Important 7.8 6.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-62452 No No - - Important 8.0 7.0
CVE-2025-60715 No No - - Important 8.0 7.0
Windows Smart Card Reader Elevation of Privilege Vulnerability
CVE-2025-59505 No No - - Important 7.8 6.8
Windows Speech Recognition Elevation of Privilege Vulnerability
CVE-2025-59508 No No - - Important 7.0 6.1
Windows Speech Recognition Information Disclosure Vulnerability
CVE-2025-59509 No No - - Important 5.5 4.8
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2025-59507 No No - - Important 7.0 6.1
Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
CVE-2025-62220 No No - - Important 8.8 7.7
Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
CVE-2025-60720 No No - - Important 7.8 6.8
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2025-59511 No No - - Important 7.8 6.8
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
CVE-2025-40107 No No - - Moderate 5.5 5.5
container escape due to /dev/console mount and related races
CVE-2025-52565 No No - - Important    
containerd CRI server: Host memory exhaustion through Attach goroutine leak
CVE-2025-64329 No No - - Moderate    
containerd affected by a local privilege escalation via wide permissions on CRI directory
CVE-2024-25621 No No - - Important 7.3 7.3
crypto: rng - Ensure set_ent is always present
CVE-2025-40109 No No - - Moderate 4.2 4.2
missing SFTP host verification with wolfSSH
CVE-2025-10966 No No - - Moderate 6.8 6.8
mruby array.c ary_fill_exec out-of-bounds write
CVE-2025-12875 No No - - Moderate 5.3 4.8
runc container escape via "masked path" abuse due to mount race conditions
CVE-2025-31133 No No - - Important    
runc: LSM labels can be bypassed with malicious config using dummy procfs files
CVE-2025-52881 No No - - Important    

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

Comments

Thank you
