Security Vulnerabilities - CVEs Published In May 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-13
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-05-13
CVE-2025-30397
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Known exploited
CVSS Score
7.5
EPSS Score
0.213
Published
2025-05-13
CVE-2025-30400
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.011
Published
2025-05-13
CVE-2025-32701
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.015
Published
2025-05-13
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-13
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVSS Score
7.4
EPSS Score
0.01
Published
2025-05-13
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-13
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-05-13
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-05-13