Palo Alto Networks Security Advisories /CVE-2025-4235CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account passwordUrgencyMODERATE047910Severity4.2 ·MEDIUMExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack VectorLOCALAttack...
Palo Alto Networks Security Advisories /CVE-2025-4234CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of CredentialsUrgencyMODERATE047910Severity0.5 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack...
CVE-2025-54110 HIGHNo exploitation known Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. CVSS...
CVE-2025-54106 HIGHNo exploitation known Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker...
CVE-2025-54111 HIGHNo exploitation known Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges...
CVE-2025-54108 HIGHNo exploitation known Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc)...
CVE-2025-54112 HIGHNo exploitation known Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally....
CVE-2025-54105 HIGHNo exploitation known Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows...
CVE-2025-54103 HIGHNo exploitation known Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. CVSS...
CVE-2025-54102 HIGHNo exploitation known Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges...
CVE-2025-54091 HIGHNo exploitation known Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. CVSS...
CVE-2025-54092 HIGHNo exploitation known Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized...
CVE-2025-54098 HIGHNo exploitation known Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. CVSS v3.1...
CVE-2025-54093 HIGHNo exploitation known Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally....
CVE-2025-54099 HIGHNo exploitation known Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate...
CVE-2025-53807 HIGHNo exploitation known Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an...
CVE-2025-53805 HIGHNo exploitation known Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a...
CVE-2025-49734 HIGHNo exploitation known Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to...
CVE-2025-53800 HIGHNo exploitation known No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges...
CVE-2025-49692 HIGHNo exploitation known Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges...
CVE-2025-53802 HIGHNo exploitation known Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. CVSS...
CVE-2025-53801 HIGHNo exploitation known Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. CVSS v3.1...
CVE-2025-41701 HIGHNo exploitation known An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately...
CVE-2025-40798 HIGHNo exploitation known A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0...
