Security Vulnerabilities - CVEs Published In July 2025
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVSS Score
6.8
EPSS Score
0.009
Published
2025-07-08
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
CVSS Score
5.7
EPSS Score
0.007
Published
2025-07-08
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVSS Score
6.8
EPSS Score
0.012
Published
2025-07-08
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.031
Published
2025-07-08
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVSS Score
6.8
EPSS Score
0.012
Published
2025-07-08
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.014
Published
2025-07-08
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.009
Published
2025-07-08
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.007
Published
2025-07-08
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVSS Score
6.8
EPSS Score
0.008
Published
2025-07-08
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.005
Published
2025-07-08