CVEs have been published or revised in the Security Update Guide

November 6, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-12725

• Title: Chromium: CVE-2025-12725 Out of bounds write in WebGPU
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 6, 2025
• Last updated: November 6, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12726

• Title: Chromium: CVE-2025-12726 Inappropriate implementation in Views.
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 6, 2025
• Last updated: November 6, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12727

• Title: Chromium: CVE-2025-12727 Inappropriate implementation in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 6, 2025
• Last updated: November 6, 2025
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

November 10, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-12725

• Title: Chromium: CVE-2025-12725 Out of bounds write in WebGPU
• Version: 2.0
• Reason for revision: Affected software updated with new package information.
• Originally released: November 6, 2025
• Last updated: November 10, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12725

• Title: Chromium: CVE-2025-12725 Out of bounds write in WebGPU
• Version: 2.1
• Reason for revision: Added FAQ information. This is an informational change only.
• Originally released: November 6, 2025
• Last updated: November 10, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12727

• Title: Chromium: CVE-2025-12727 Inappropriate implementation in V8
• Version: 2.0
• Reason for revision: Affected software updated with new package information.
• Originally released: November 6, 2025
• Last updated: November 10, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12727

• Title: Chromium: CVE-2025-12727 Inappropriate implementation in V8
• Version: 2.1
• Reason for revision: Added FAQ information. This is an informational change only.
• Originally released: November 6, 2025
• Last updated: November 10, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12728

• Title: Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 10, 2025
• Last updated: November 10, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-12729

• Title: Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 10, 2025
• Last updated: November 10, 2025
• Aggregate CVE severity rating:

Customer action required: Yes

November 2025 Security Updates

This release consists of the following 63 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Nuance PowerScribe CVE-2025-30398
Microsoft Configuration Manager CVE-2025-47179
Microsoft Office Excel CVE-2025-59240
SQL Server CVE-2025-59499
Azure Monitor Agent CVE-2025-59504
Windows Smart Card CVE-2025-59505
Windows DirectX CVE-2025-59506
Windows Speech CVE-2025-59507
Windows Speech CVE-2025-59508
Windows Speech CVE-2025-59509
Windows Routing and Remote Access Service (RRAS) CVE-2025-59510
Windows WLAN Service CVE-2025-59511
Customer Experience Improvement Program (CEIP) CVE-2025-59512
Windows Bluetooth RFCOM Protocol Driver CVE-2025-59513
Microsoft Streaming Service CVE-2025-59514
Windows Broadcast DVR User Service CVE-2025-59515
Windows Remote Desktop CVE-2025-60703
Windows Kerberos CVE-2025-60704
Windows Client-Side Caching (CSC) Service CVE-2025-60705
Role: Windows Hyper-V CVE-2025-60706
Multimedia Class Scheduler Service (MMCSS) CVE-2025-60707
Storvsp.sys Driver CVE-2025-60708
Windows Common Log File System Driver CVE-2025-60709
Host Process for Windows Tasks CVE-2025-60710
Windows Routing and Remote Access Service (RRAS) CVE-2025-60713
Windows OLE CVE-2025-60714
Windows Routing and Remote Access Service (RRAS) CVE-2025-60715
Windows DirectX CVE-2025-60716
Windows Broadcast DVR User Service CVE-2025-60717
Windows Administrator Protection CVE-2025-60718
Windows Ancillary Function Driver for WinSock CVE-2025-60719
Windows TDX.sys CVE-2025-60720
Windows Administrator Protection CVE-2025-60721
OneDrive for Android CVE-2025-60722
Windows DirectX CVE-2025-60723
Microsoft Graphics Component CVE-2025-60724
Microsoft Office Excel CVE-2025-60726
Microsoft Office Excel CVE-2025-60727
Microsoft Office Excel CVE-2025-60728
Microsoft Office CVE-2025-62199
Microsoft Office Excel CVE-2025-62200
Microsoft Office Excel CVE-2025-62201
Microsoft Office Excel CVE-2025-62202
Microsoft Office Excel CVE-2025-62203
Microsoft Office SharePoint CVE-2025-62204
Microsoft Office Word CVE-2025-62205
Microsoft Dynamics 365 (on-premises) CVE-2025-62206
Windows License Manager CVE-2025-62208
Windows License Manager CVE-2025-62209
Dynamics 365 Field Service (online) CVE-2025-62210
Dynamics 365 Field Service (online) CVE-2025-62211
Windows Ancillary Function Driver for WinSock CVE-2025-62213
Visual Studio CVE-2025-62214
Windows Kernel CVE-2025-62215
Microsoft Office CVE-2025-62216
Windows Ancillary Function Driver for WinSock CVE-2025-62217
Microsoft Wireless Provisioning System CVE-2025-62218
Microsoft Wireless Provisioning System CVE-2025-62219
Windows Subsystem for Linux GUI CVE-2025-62220
Visual Studio Code CoPilot Chat Extension CVE-2025-62222
Visual Studio Code CoPilot Chat Extension CVE-2025-62449
Windows Routing and Remote Access Service (RRAS) CVE-2025-62452
GitHub Copilot and Visual Studio Code CVE-2025-62453

We are republishing 5 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Chrome Microsoft Edge (Chromium-based) CVE-2025-12725
Chrome Microsoft Edge (Chromium-based) CVE-2025-12726
Chrome Microsoft Edge (Chromium-based) CVE-2025-12727
Chrome Microsoft Edge (Chromium-based) CVE-2025-12728
Chrome Microsoft Edge (Chromium-based) CVE-2025-12729

Security Update Guide Blog Posts
Date Blog Post
October 31, 2025 You asked, we delivered: Introducing new features for an improved security experience
October 28, 2025 Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
October 22, 2025 Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
KB Article Product
5068779 Windows Server 2022, 23H2 Edition (Server Core installation)
5068787 Windows Server 2022
5068840 Windows Server 2022 Hotpatch
5068906 Windows Server 2008 (Monthly Rollup)
5068966 Windows Server 2025 Hotpatch
5071726 Windows Server 2025
5002800 SharePoint Server Subscription Edition
5002803 SharePoint Server 2019
5002805 SharePoint Server 2016

Released: Nov 11, 2025

November 2025 Security Updates - Release Notes - Security Update Guide - Microsoft

Microsoft security update summary for November 2025

November 11, 2025

Here’s a summary of Microsoft security updates released on this date.

Critical security updates

• Microsoft 365 Apps for Enterprise for 32-bit Systems
• Microsoft 365 Apps for Enterprise for 64-bit Systems
• Microsoft Office 2016 (32-bit edition)
• Microsoft Office 2016 (64-bit edition)
• Microsoft Office for Android
• Microsoft Office LTSC 2021 for 32-bit editions
• Microsoft Office LTSC 2021 for 64-bit editions
• Microsoft Office LTSC 2024 for 32-bit editions
• Microsoft Office LTSC 2024 for 64-bit editions
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft Visual Studio 2022 version 17.14
• Nuance PowerScribe 360 version 4.0.1
• Nuance PowerScribe 360 version 4.0.2
• Nuance PowerScribe 360 version 4.0.3
• Nuance PowerScribe 360 version 4.0.4
• Nuance PowerScribe 360 version 4.0.5
• Nuance PowerScribe 360 version 4.0.6
• Nuance PowerScribe 360 version 4.0.7
• Nuance PowerScribe 360 version 4.0.8
• Nuance PowerScribe 360 version 4.0.9
• Nuance PowerScribe One version 2019.1
• Nuance PowerScribe One version 2019.10
• Nuance PowerScribe One version 2019.2
• Nuance PowerScribe One version 2019.3
• Nuance PowerScribe One version 2019.4
• Nuance PowerScribe One version 2019.5
• Nuance PowerScribe One version 2019.6
• Nuance PowerScribe One version 2019.7
• Nuance PowerScribe One version 2019.8
• Nuance PowerScribe One version 2019.9
• PowerScribe One version 2023.1 SP2 Patch 7
• Windows 10 for 32-bit Systems
• Windows 10 for x64-based Systems
• Windows 10 Version 1607 for 32-bit Systems
• Windows 10 Version 1607 for x64-based Systems
• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows 11 Version 24H2 for ARM64-based Systems
• Windows 11 Version 24H2 for x64-based Systems
• Windows 11 Version 25H2 for ARM64-based Systems
• Windows 11 Version 25H2 for x64-based Systems
• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)
• Windows Server 2016
• Windows Server 2016 (Server Core installation)
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2025
• Windows Server 2025 (Server Core installation)

Important security updates

• Azure Monitor
• Dynamics 365 Field Service (online)
• Microsoft Configuration Manager 2403
• Microsoft Configuration Manager 2409
• Microsoft Configuration Manager 2503
• Microsoft Dynamics 365 (on-premises) version 9.1
• Microsoft Excel 2016 (32-bit edition)
• Microsoft Excel 2016 (64-bit edition)
• Microsoft Office 2019 for 32-bit editions
• Microsoft Office 2019 for 64-bit editions
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
• Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
• Microsoft SQL Server 2017 for x64-based Systems (CU 31)
• Microsoft SQL Server 2017 for x64-based Systems (GDR)
• Microsoft SQL Server 2019 for x64-based Systems (CU 32)
• Microsoft SQL Server 2019 for x64-based Systems (GDR)
• Microsoft SQL Server 2022 for x64-based Systems (CU 21)
• Microsoft SQL Server 2022 for x64-based Systems (GDR)
• Microsoft Visual Studio Code CoPilot Chat Extension
• Office Online Server
• OneDrive for Android
• Visual Studio Code
• Windows 11 Version 22H2 for ARM64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows Subsystem for Linux GUI

No action required security updates

CVEs have been published or revised in the Security Update Guide

November 13, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-13042

• Title: Chromium: CVE-2025-13042 Inappropriate implementation in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 13, 2025
• Last updated: November 13, 2025
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

November 18, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-13223

• Title: Chromium: CVE-2025-13223 Type Confusion in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 18, 2025
• Last updated: November 18, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-13224

• Title: Chromium: CVE-2025-13224 Type Confusion in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 18, 2025
• Last updated: November 18, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2025-62220

• Title: Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
• Version: 1.1
• Reason for revision: Corrected one or more links in the FAQ. This is an informational change only.
• Originally released: November 11, 2025
• Last updated: November 13, 2025
• Aggregate CVE severity rating: Important

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

November 25, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-64660

• Title: GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: November 20, 2025
• Last updated: November 20, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-64660

• Title: GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
• Version: 1.1
• Reason for revision: The following revisions have been made: 1) In the Security Updates table, corrected the impact entries to Remote Code Execution. 2) The CVSS scores have been updated. These are informational changes only. Customers who have successfully installed the update do not need to take any further action.
• Originally released: November 20, 2025
• Last updated: November 25, 2025
• Aggregate CVE severity rating: Important

Customer action required: Yes