Security Vulnerabilities - CVEs Published In July 2025
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
CVSS Score
8.1
EPSS Score
0.01
Published
2025-07-08
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2025-07-08
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.01
Published
2025-07-08
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.008
Published
2025-07-08
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.006
Published
2025-07-08
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.026
Published
2025-07-08
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
CVSS Score
3.1
EPSS Score
0.002
Published
2025-07-08
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.006
Published
2025-07-08
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-07-08
Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.019
Published
2025-07-08