Microsoft Patch Tuesday September 2025
As part of its September Patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities as critical.
You will see a number of vulnerabilities without assigned severity. These vulnerabilities affect Linux distributions like Mariner, Microsoft's Linux distribution used in its cloud environments, and Azure Linux.
Vulnerabilities of Interest:
CVE-2025-54107, CVE-2025-54917: Microsoft assigns URLs to different security zones, like "Intranet" and "Internet". URLs may be misclassified. An attacker could use this vulnerability to bypass security features that restrict riskier URLs.
CVE-2025-55226, CVE-2025-55236: The description for these vulnerabilities is a bit odd. Microsoft labels them as "remote code execution" vulnerabilities, but states that they allow an "authorized attacker to execute code locally." I suspect that the remote part refers to a user unknowingly executing the code by viewing an image. The CVSS score is still low for a "critical" vulnerability.
Overall, there is no "patch now" vulnerability included. Apply patches in line with your local vulnerability management policy (hopefully before next month's patch Tuesday).
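
To apply a local policy to this release, the table below can be parsed into records and sorted for triage. The following Python sketch is an added example, not part of the original diary: the sample rows are copied from the table, while the sort order and the 9.0 cut-off (the CVSS v3.x "Critical" band) are assumptions rather than Microsoft's or the author's policy.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Rows copied from this page's table (a subset, embedded so the example runs offline).
SAMPLE = """\
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| ACPI: pfr_update: Fix the driver update version check | |||||||
| CVE-2025-39701 | No | No | - | - | - | ||
| Azure Networking Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54914 | No | No | - | - | Critical | 10.0 | 8.7 |
| Graphics Kernel Remote Code Execution Vulnerability | |||||||
| CVE-2025-55226 | No | No | - | - | Critical | 6.7 | 5.8 |
| CVE-2025-55236 | No | No | - | - | Critical | 7.3 | 6.4 |
| Windows Imaging Component Information Disclosure Vulnerability | |||||||
| CVE-2025-53799 | No | No | - | - | Critical | 5.5 | 4.8 |
| Windows SMB Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55234 | Yes | No | - | - | Important | 8.8 | 7.7 |
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
NUM_RE = re.compile(r"\d+(\.\d+)?")


@dataclass
class Entry:
    cve: str
    title: str
    disclosed: bool
    exploited: bool
    severity: Optional[str]     # None for rows Microsoft did not rate ("-")
    cvss_base: Optional[float]  # None where the table carries no score


def parse_table(text: str) -> List[Entry]:
    """Parse the grouped layout: a title row applies to the CVE rows after it."""
    entries, title = [], ""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        cells += [""] * (8 - len(cells))  # rows without CVSS values are short
        first = cells[0]
        if CVE_RE.fullmatch(first):
            entries.append(Entry(
                cve=first, title=title,
                disclosed=cells[1] == "Yes", exploited=cells[2] == "Yes",
                severity=None if cells[5] in ("", "-") else cells[5],
                cvss_base=float(cells[6]) if NUM_RE.fullmatch(cells[6]) else None))
        elif first not in ("Description", "CVE") and set(first) - set("-:"):
            title = first  # group heading; header and separator rows are skipped
    return entries


def severity_mismatches(entries: List[Entry], cvss_critical: float = 9.0) -> List[Entry]:
    """Vendor-rated Critical entries whose CVSS base is below the CVSS Critical band."""
    return [e for e in entries if e.severity == "Critical"
            and e.cvss_base is not None and e.cvss_base < cvss_critical]


def triage_order(entries: List[Entry]) -> List[Entry]:
    """Assumed policy: exploited first, then disclosed, then CVSS; unscored last."""
    return sorted(entries, key=lambda e: (
        not e.exploited, not e.disclosed,
        -(e.cvss_base if e.cvss_base is not None else -1.0)))


if __name__ == "__main__":
    for e in triage_order(parse_table(SAMPLE)):
        print(e.cve, e.severity or "unrated", e.cvss_base, e.title, sep=" | ")
```

Entries that come back with no severity or no CVSS value still need a manual look; the sort only places them last, it does not clear them.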
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| ACPI: pfr_update: Fix the driver update version check | |||||||
| CVE-2025-39701 | No | No | - | - | - | ||
| ALSA: usb-audio: Validate UAC3 power domain descriptors, too | |||||||
| CVE-2025-38729 | No | No | - | - | - | 7.0 | 7.0 | 
| ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() | |||||||
| CVE-2025-38706 | No | No | - | - | - | 4.7 | 4.7 | 
| Azure Arc Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55316 | No | No | - | - | Important | 7.8 | 6.8 | 
| Azure Bot Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55244 | No | No | - | - | Critical | 9.0 | 7.8 | 
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49692 | No | No | - | - | Important | 7.8 | 6.8 | 
| Azure Entra Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55241 | No | No | - | - | Critical | 9.0 | 7.8 | 
| Azure Networking Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54914 | No | No | - | - | Critical | 10.0 | 8.7 | 
| Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54108 | No | No | - | - | Important | 7.0 | 6.1 | 
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55223 | No | No | - | - | Important | 7.0 | 6.1 | 
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | |||||||
| CVE-2025-55238 | No | No | - | - | Critical | 7.5 | 6.5 | 
| Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file() | |||||||
| CVE-2025-7039 | No | No | - | - | - | 3.7 | 3.7 | 
| Graphics Kernel Remote Code Execution Vulnerability | |||||||
| CVE-2025-55226 | No | No | - | - | Critical | 6.7 | 5.8 | 
| CVE-2025-55236 | No | No | - | - | Critical | 7.3 | 6.4 | 
| HTTP.sys Denial of Service Vulnerability | |||||||
| CVE-2025-53805 | No | No | - | - | Important | 7.5 | 6.5 | 
| Libsoup: improper handling of http vary header in libsoup caching | |||||||
| CVE-2025-9901 | No | No | - | - | - | 5.9 | 5.6 | 
| Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | |||||||
| CVE-2025-53809 | No | No | - | - | Important | 6.5 | 5.7 | 
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54894 | No | No | - | - | Important | 7.8 | 6.8 | 
| LoongArch: BPF: Fix jump offset calculation in tailcall | |||||||
| CVE-2025-38723 | No | No | - | - | - | 5.5 | 5.5 | 
| MIPS: Don't crash in stack_top() for tasks without ABI or vDSO | |||||||
| CVE-2025-38696 | No | No | - | - | - | 5.5 | 5.5 | 
| MapUrlToZone Security Feature Bypass Vulnerability | |||||||
| CVE-2025-54107 | No | No | - | - | Important | 4.3 | 3.8 | 
| CVE-2025-54917 | No | No | - | - | Important | 4.3 | 3.8 | 
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55317 | No | No | - | - | Important | 7.8 | 6.8 | 
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54105 | No | No | - | - | Important | 7.0 | 6.1 | 
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2025-53801 | No | No | - | - | Important | 7.8 | 6.8 | 
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||||
| CVE-2025-53791 | No | No | - | - | Moderate | 4.7 | 4.1 | 
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2025-54901 | No | No | - | - | Important | 5.5 | 4.8 | 
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-54896 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54898 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54899 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54902 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54903 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54904 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54900 | No | No | - | - | Important | 7.8 | 6.8 | 
| Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | |||||||
| CVE-2025-55232 | No | No | - | - | Important | 9.8 | 8.5 | 
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-54906 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54910 | No | No | - | - | Critical | 8.4 | 7.3 | 
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||||
| CVE-2025-54907 | No | No | - | - | Important | 7.8 | 6.8 | 
| Microsoft OfficePlus Spoofing Vulnerability | |||||||
| CVE-2025-55243 | No | No | - | - | Important | 7.5 | 6.5 | 
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-54908 | No | No | - | - | Important | 7.8 | 6.8 | 
| Microsoft SQL Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55227 | No | No | - | - | Important | 8.8 | 7.7 | 
| Microsoft SQL Server Information Disclosure Vulnerability | |||||||
| CVE-2025-47997 | No | No | - | - | Important | 6.5 | 5.7 | 
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-54897 | No | No | - | - | Important | 8.8 | 7.7 | 
| Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54112 | No | No | - | - | Important | 7.0 | 6.1 | 
| Microsoft Word Information Disclosure Vulnerability | |||||||
| CVE-2025-54905 | No | No | - | - | Important | 7.1 | 6.2 | 
| NFS: Fix a race when updating an existing write | |||||||
| CVE-2025-39697 | No | No | - | - | - | 5.5 | 5.5 | 
| NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() | |||||||
| CVE-2025-39730 | No | No | - | - | - | 7.5 | 7.5 | 
| Podman: podman kube play command may overwrite host files | |||||||
| CVE-2025-9566 | No | No | - | - | - | 8.1 | 8.1 | 
| PowerShell Direct Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49734 | No | No | - | - | Important | 7.0 | 6.1 | 
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54895 | No | No | - | - | Important | 7.8 | 6.8 | 
| VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json | |||||||
| CVE-2024-21907 | Yes | No | - | - | - | ||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54099 | No | No | - | - | Important | 7.0 | 6.1 | 
| Windows BitLocker Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54911 | No | No | - | - | Important | 7.3 | 6.4 | 
| CVE-2025-54912 | No | No | - | - | Important | 7.8 | 6.8 | 
| Windows Bluetooth Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-53802 | No | No | - | - | Important | 7.0 | 6.1 | 
| Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | |||||||
| CVE-2025-54114 | No | No | - | - | Important | 7.0 | 6.1 | 
| Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54102 | No | No | - | - | Important | 7.8 | 6.8 | 
| Windows Defender Firewall Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-53808 | No | No | - | - | Important | 6.7 | 5.8 | 
| CVE-2025-53810 | No | No | - | - | Important | 6.7 | 5.8 | 
| CVE-2025-54094 | No | No | - | - | Important | 6.7 | 5.8 | 
| CVE-2025-54104 | No | No | - | - | Important | 6.7 | 5.8 | 
| CVE-2025-54109 | No | No | - | - | Important | 6.7 | 5.8 | 
| CVE-2025-54915 | No | No | - | - | Important | 6.7 | 5.8 | 
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
| CVE-2025-53800 | No | No | - | - | Critical | 7.8 | 6.8 | 
| CVE-2025-53807 | No | No | - | - | Important | 7.0 | 6.1 | 
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2025-54919 | No | No | - | - | Important | 7.5 | 6.5 | 
| CVE-2025-55228 | No | No | - | - | Critical | 7.8 | 6.8 | 
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54091 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54092 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54098 | No | No | - | - | Important | 7.8 | 6.8 | 
| CVE-2025-54115 | No | No | - | - | Important | 7.0 | 6.1 | 
| Windows Hyper-V Remote Code Execution Vulnerability | |||||||
| CVE-2025-55224 | No | No | - | - | Critical | 7.8 | 6.8 | 
| Windows Imaging Component Information Disclosure Vulnerability | |||||||
| CVE-2025-53799 | No | No | - | - | Critical | 5.5 | 4.8 | 
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54110 | No | No | - | - | Important | 8.8 | 7.7 | 
| Windows Kernel Memory Information Disclosure Vulnerability | |||||||
| CVE-2025-53803 | No | No | - | - | Important | 5.5 | 4.8 | 
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-53804 | No | No | - | - | Important | 5.5 | 4.8 | 
| Windows Management Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54103 | No | No | - | - | Important | 7.4 | 6.4 | 
| Windows MultiPoint Services Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54116 | No | No | - | - | Important | 7.3 | 6.4 | 
| Windows NTFS Remote Code Execution Vulnerability | |||||||
| CVE-2025-54916 | No | No | - | - | Important | 7.8 | 6.8 | 
| Windows NTLM Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54918 | No | No | - | - | Critical | 8.8 | 7.7 | 
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | |||||||
| CVE-2025-53797 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-53798 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-54095 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-54096 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-54097 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-55225 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-53796 | No | No | - | - | Important | 6.5 | 5.7 | 
| CVE-2025-53806 | No | No | - | - | Important | 6.5 | 5.7 | 
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||||
| CVE-2025-54106 | No | No | - | - | Important | 8.8 | 7.7 | 
| CVE-2025-54113 | No | No | - | - | Important | 8.8 | 7.7 | 
| Windows SMB Client Remote Code Execution Vulnerability | |||||||
| CVE-2025-54101 | No | No | - | - | Important | 4.8 | 4.2 | 
| Windows SMB Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55234 | Yes | No | - | - | Important | 8.8 | 7.7 | 
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54093 | No | No | - | - | Important | 7.0 | 6.1 | 
| Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54913 | No | No | - | - | Important | 7.8 | 6.8 | 
| Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability | |||||||
| CVE-2025-54111 | No | No | - | - | Important | 7.8 | 6.8 | 
| Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability | |||||||
| CVE-2025-55242 | No | No | - | - | Critical | 6.5 | 5.7 | 
| Xbox Gaming Services Elevation of Privilege Vulnerability | |||||||
| CVE-2025-55245 | No | No | - | - | Important | 7.8 | 6.8 | 
| cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters. | |||||||
| CVE-2025-57052 | No | No | - | - | - | 9.8 | 9.8 | 
| comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() | |||||||
| CVE-2025-39684 | No | No | - | - | - | 5.5 | 5.5 | 
| comedi: Make insn_rw_emulate_bits() do insn->n samples | |||||||
| CVE-2025-39686 | No | No | - | - | - | 5.5 | 5.5 | 
| comedi: fix race between polling and detaching | |||||||
| CVE-2025-38687 | No | No | - | - | - | 5.5 | 5.5 | 
| comedi: pcl726: Prevent invalid irq number | |||||||
| CVE-2025-39685 | No | No | - | - | - | 5.5 | 5.5 | 
| crypto: qat - flush misc workqueue during device shutdown | |||||||
| CVE-2025-39721 | No | No | - | - | - | 7.0 | 7.0 | 
| drbd: add missing kref_get in handle_write_conflicts | |||||||
| CVE-2025-38708 | No | No | - | - | - | 6.3 | 6.3 | 
| drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() | |||||||
| CVE-2025-39675 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/amd/display: Avoid a NULL pointer dereference | |||||||
| CVE-2025-39693 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/amd/display: fix a Null pointer dereference vulnerability | |||||||
| CVE-2025-39705 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/amd/pm: fix null pointer access | |||||||
| CVE-2025-38705 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities | |||||||
| CVE-2025-39707 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/amdkfd: Destroy KFD debugfs after destroy KFD wq | |||||||
| CVE-2025-39706 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). | |||||||
| CVE-2025-39679 | No | No | - | - | - | 5.5 | 5.5 | 
| drm/xe: Make dma-fences compliant with the safe access rules | |||||||
| CVE-2025-38703 | No | No | - | - | - | 7.8 | 7.8 | 
| exfat: add cluster chain loop check for dir | |||||||
| CVE-2025-38692 | No | No | - | - | - | 7.0 | 7.0 | 
| ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr | |||||||
| CVE-2025-38701 | No | No | - | - | - | 7.0 | 6.4 | 
| f2fs: vm_unmap_ram() may be called from an invalid context | |||||||
| CVE-2025-39731 | No | No | - | - | - | 5.5 | 5.5 | 
| fbdev: Fix vmalloc out-of-bounds write in fast_imageblit | |||||||
| CVE-2025-38685 | No | No | - | - | - | 7.8 | 7.8 | 
| fbdev: fix potential buffer overflow in do_register_framebuffer() | |||||||
| CVE-2025-38702 | No | No | - | - | - | 7.8 | 7.1 | 
| fs/buffer: fix use-after-free when call bh_read() helper | |||||||
| CVE-2025-39691 | No | No | - | - | - | 7.1 | 7.1 | 
| fs/ntfs3: Add sanity check for file name | |||||||
| CVE-2025-38707 | No | No | - | - | - | 5.5 | 5.5 | 
| ftrace: Also allocate and copy hash for reading of filter files | |||||||
| CVE-2025-39689 | No | No | - | - | - | 7.1 | 6.5 | 
| gfs2: Validate i_depth for exhash directories | |||||||
| CVE-2025-38710 | No | No | - | - | - | 7.0 | 6.4 | 
| gve: prevent ethtool ops after shutdown | |||||||
| CVE-2025-38735 | No | No | - | - | - | 7.0 | 7.0 | 
| habanalabs: fix UAF in export_dmabuf() | |||||||
| CVE-2025-38722 | No | No | - | - | - | 5.5 | 5.5 | 
| hfs: fix general protection fault in hfs_find_init() | |||||||
| CVE-2025-38716 | No | No | - | - | - | 5.5 | 5.5 | 
| hfs: fix slab-out-of-bounds in hfs_bnode_read() | |||||||
| CVE-2025-38715 | No | No | - | - | - | 5.5 | 5.5 | 
| hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() | |||||||
| CVE-2025-38712 | No | No | - | - | - | 5.5 | 5.5 | 
| hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() | |||||||
| CVE-2025-38714 | No | No | - | - | - | 9.0 | 8.2 | 
| hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() | |||||||
| CVE-2025-38713 | No | No | - | - | - | 6.1 | 6.1 | 
| iio: imu: bno055: fix OOB access of hw_xlate array | |||||||
| CVE-2025-39719 | No | No | - | - | - | 5.5 | 5.5 | 
| iio: light: as73211: Ensure buffer holes are zeroed | |||||||
| CVE-2025-39687 | No | No | - | - | - | 5.5 | 5.5 | 
| io_uring/net: commit partial buffers on retry | |||||||
| CVE-2025-38730 | No | No | - | - | - | 5.5 | 5.5 | 
| iommufd: Prevent ALIGN() overflow | |||||||
| CVE-2025-38688 | No | No | - | - | - | 7.1 | 7.1 | 
| ipv6: sr: Fix MAC comparison to be constant-time | |||||||
| CVE-2025-39702 | No | No | - | - | - | 7.1 | 7.1 | 
| jfs: Regular file corruption check | |||||||
| CVE-2025-38698 | No | No | - | - | - | 7.1 | 6.5 | 
| jfs: upper bound check of tree index in dbAllocAG | |||||||
| CVE-2025-38697 | No | No | - | - | - | 7.1 | 7.1 | 
| ksmbd: fix refcount leak causing resource not released | |||||||
| CVE-2025-39720 | No | No | - | - | - | 5.5 | 5.5 | 
| loop: Avoid updating block size under exclusive owner | |||||||
| CVE-2025-38709 | No | No | - | - | - | 7.0 | 6.4 | 
| media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls | |||||||
| CVE-2025-39711 | No | No | - | - | - | 7.0 | 7.0 | 
| media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() | |||||||
| CVE-2025-39713 | No | No | - | - | - | 7.0 | 7.0 | 
| media: usbtv: Lock resolution while streaming | |||||||
| CVE-2025-39714 | No | No | - | - | - | 5.5 | 5.5 | 
| media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() | |||||||
| CVE-2025-38680 | No | No | - | - | - | 3.3 | 3.3 | 
| media: venus: Add a check for packet size after reading from shared memory | |||||||
| CVE-2025-39710 | No | No | - | - | - | ||
| media: venus: Fix OOB read due to missing payload bound check | |||||||
| CVE-2025-38679 | No | No | - | - | - | 5.5 | 5.5 | 
| media: venus: protect against spurious interrupts during probe | |||||||
| CVE-2025-39709 | No | No | - | - | - | 5.5 | 5.5 | 
| mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() | |||||||
| CVE-2025-38681 | No | No | - | - | - | 5.5 | 5.5 | 
| net, hsr: reject HSR frame if skb can't hold tag | |||||||
| CVE-2025-39703 | No | No | - | - | - | 7.0 | 6.4 | 
| net/sched: Fix backlog accounting in qdisc_dequeue_internal | |||||||
| CVE-2025-39677 | No | No | - | - | - | 7.0 | 6.4 | 
| net/sched: ets: use old 'nbands' while purging unused classes | |||||||
| CVE-2025-38684 | No | No | - | - | - | 7.0 | 7.0 | 
| net/smc: fix UAF on smcsk after smc_listen_out() | |||||||
| CVE-2025-38734 | No | No | - | - | - | 5.5 | 5.5 | 
| net: kcm: Fix race condition in kcm_unattach() | |||||||
| CVE-2025-38717 | No | No | - | - | - | 5.5 | 5.5 | 
| net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization | |||||||
| CVE-2025-38736 | No | No | - | - | - | 5.5 | 5.5 | 
| net: usb: asix_devices: add phy_mask for ax88772 mdio bus | |||||||
| CVE-2025-38725 | No | No | - | - | - | 5.5 | 5.5 | 
| netfilter: ctnetlink: fix refcount leak on table dump | |||||||
| CVE-2025-38721 | No | No | - | - | - | 5.5 | 5.5 | 
| netfilter: nf_reject: don't leak dst refcount for loopback packets | |||||||
| CVE-2025-38732 | No | No | - | - | - | 7.0 | 7.0 | 
| netfilter: nf_tables: reject duplicate device on updates | |||||||
| CVE-2025-38678 | No | No | - | - | - | 6.0 | 6.0 | 
| nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() | |||||||
| CVE-2025-38724 | No | No | - | - | - | 6.8 | 6.8 | 
| pNFS: Fix uninited ptr deref in block/scsi layout | |||||||
| CVE-2025-38691 | No | No | - | - | - | 5.5 | 5.5 | 
| parisc: Revise __get_user() to probe user read access | |||||||
| CVE-2025-39716 | No | No | - | - | - | 5.5 | 5.5 | 
| parisc: Revise gateway LWS calls to probe user read access | |||||||
| CVE-2025-39715 | No | No | - | - | - | 5.5 | 5.5 | 
| ppp: fix race conditions in ppp_fill_forward_path | |||||||
| CVE-2025-39673 | No | No | - | - | - | 7.0 | 7.0 | 
| rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access | |||||||
| CVE-2025-38704 | No | No | - | - | - | 5.5 | 5.5 | 
| s390/ism: fix concurrency management in ism_cmd() | |||||||
| CVE-2025-39726 | No | No | - | - | - | 5.5 | 5.5 | 
| s390/sclp: Fix SCCB present check | |||||||
| CVE-2025-39694 | No | No | - | - | - | 7.0 | 7.0 | 
| scsi: bfa: Double-free fix | |||||||
| CVE-2025-38699 | No | No | - | - | - | 7.8 | 7.8 | 
| scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated | |||||||
| CVE-2025-38700 | No | No | - | - | - | 4.7 | 4.7 | 
| scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure | |||||||
| CVE-2025-38695 | No | No | - | - | - | 7.0 | 6.4 | 
| scsi: qla4xxx: Prevent a potential error pointer dereference | |||||||
| CVE-2025-39676 | No | No | - | - | - | 5.5 | 5.5 | 
| sctp: linearize cloned gso packets in sctp_rcv | |||||||
| CVE-2025-38718 | No | No | - | - | - | 7.0 | 6.4 | 
| serial: 8250: fix panic due to PSLVERR | |||||||
| CVE-2025-39724 | No | No | - | - | - | 5.5 | 5.5 | 
| smb/server: avoid deadlock when linking with ReplaceIfExists | |||||||
| CVE-2025-38711 | No | No | - | - | - | 5.5 | 5.5 | 
| smb3: fix for slab out of bounds on mount to ksmbd | |||||||
| CVE-2025-38728 | No | No | - | - | - | 5.5 | 5.5 | 
| smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() | |||||||
| CVE-2025-39692 | No | No | - | - | - | 5.5 | 5.5 | 
| tls: fix handling of zero-length records on the rx_list | |||||||
| CVE-2025-39682 | No | No | - | - | - | 6.5 | 6.5 | 
| tracing: Limit access to parser->buffer when trace_get_user failed | |||||||
| CVE-2025-39683 | No | No | - | - | - | 7.1 | 7.1 | 
| vsock/virtio: Validate length in packet header before skb_put() | |||||||
| CVE-2025-39718 | No | No | - | - | - | 5.5 | 5.5 | 
| wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() | |||||||
| CVE-2025-39732 | No | No | - | - | - | 7.0 | 7.0 | 
| x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper | |||||||
| CVE-2025-39681 | No | No | - | - | - | 5.5 | 5.5 | 
--
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu