Overview
On April 9, NSFOCUS CERT detected that Microsoft released a security update patch for April, fixing 126 security problems in widely used products such as Windows, Microsoft Office, Azure, Microsoft Edge for iOS, Microsoft Visual Studio, etc. This includes high-risk vulnerabilities such as privilege escalation and remote code execution.
Among the vulnerabilities fixed in Microsoft’s update this month, 11 are critical in severity, 112 are important in severity, 1 vulnerability has been detected for exploitation in the field:
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2025-29824)
Please update patches for protection as soon as possible. For a complete list of vulnerabilities, check the appendix.
Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-Apr
Key Vulnerabilities
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2025-29824):
A privilege escalation vulnerability exists in the Windows Common Log File System driver. Due to a use-after-free error in the Windows Common Log File System driver, an authenticated local attacker can gain SYSTEM privileges through this vulnerability. The vulnerability has been exploited, with a CVSS score of 7.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2025-29794):
Microsoft SharePoint has a remote code execution vulnerability. Due to improper authorization in Microsoft Office SharePoint, an authenticated remote attacker can execute arbitrary code through this vulnerability. The CVSS score is 8.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29794
Windows Remote Desktop Service Remote Code Execution Vulnerability (CVE-2025-27480, CVE-2025-27482):
The Windows Remote Desktop Service has a remote code execution vulnerability. Due to improper memory locking and a use-after-free error in the Remote Desktop Gateway Service, an unauthenticated attacker can exploit this flaw by connecting to a system with the Remote Desktop Gateway role, triggering a race condition to create a use-after-free scenario, and then executing arbitrary code on the system. The CVSS score is 8.1.
Official Announcement Link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27480
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27482
Windows Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability (CVE-2025-26670, CVE-2025-26663):
The Windows Lightweight Directory Access Protocol (LDAP) client has a remote code execution vulnerability. Due to a use-after-free error in the LDAP client, an unauthenticated attacker can send specially crafted requests to the vulnerable LDAP server in sequence to achieve remote code execution. The CVSS score is 8.1.
Official Announcement Link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26663
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26670
Microsoft Excel Remote Code Execution Vulnerability (CVE-2025-27752):
Microsoft Excel has a remote code execution vulnerability. Due to a heap-based buffer overflow in Microsoft Office Excel, an unauthenticated remote attacker can execute code locally. The CVSS score is 7.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27752
Windows Kerberos Privilege Escalation Vulnerability (CVE-2025-26647):
Windows Kerberos has a privilege escalation vulnerability. Due to improper input validation in Windows Kerberos, an unauthenticated attacker can compromise a trusted Certificate Authority (CA) and issue certificates with specific Subject Key Identifier (SKI) values to impersonate other accounts, thereby achieving privilege escalation. CVSS score 8.1.
Official Announcement Link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26647
Windows Routing and Remote Access Services (RRAS) Information Disclosure Vulnerability (CVE-2025-26669):
Windows Routing and Remote Access Services (RRAS) has an information disclosure vulnerability. Due to out-of-bounds reads in the Windows Routing and Remote Access Service (RRAS), an unauthenticated attacker can exploit this vulnerability by tricking users into sending requests to a malicious server, thereby executing arbitrary code on the target system. The CVSS score is 8.8.
Official Announcement Link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26669
Scope of Impact
The following are the affected product versions that focus on key vulnerabilities. For the scope of other products affected by vulnerabilities, please refer to the official announcement link.
| Vulnerability Number | Affected product versions |
| CVE-2025-26663 CVE-2025-26670 CVE-2025-29824 CVE-2025-26669 | Windows Server 2025 (Server Core installation) Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows 11 Version 24H2 for x64-based Systems p Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems |
| CVE-2025-27752 | Microsoft Office LTSC for Mac 2024 Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems |
| CVE-2025-27480 | Windows Server 2025 (Server Core installation) Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 |
| CVE-2025-27482 | Windows Server 2025 (Server Core installation) Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 |
| CVE-2025-29794 | Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
| CVE-2025-26647 | Windows Server 2025 (Server Core installation) Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 |
Mitigation
Patch update
Microsoft has released security patches to address the aforementioned vulnerabilities for supported product versions. We strongly recommend that affected users install these patches as soon as possible to protect their systems. The official download link is:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr
Note: Due to network issues, computer environment problems, or other reasons, patch updates via Windows Update may fail. After installing the patches, users should promptly check whether the updates have been successfully applied.
To do this, right-click the Windows icon, select “Settings (N),” then choose “Update & Security” – “Windows Update.” Check the prompts on this page or click “View update history” to review the update status.
For updates that failed to install, click on the update name to be redirected to the official Microsoft download page. We suggest users click the link on that page to go to the “Microsoft Update Catalog” website to download the standalone package and install it manually.
Appendix: Vulnerability List
| Affected products | CVE No. | Vulnerability | Severity |
| Windows | CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-26665 | Windows upnphost.dll Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26666 | Windows Media remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Vulnerability | Important |
| Windows | CVE-2025-26681 | Win32k privilege escalation vulnerability | Important |
| Windows | CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Microsoft Office,Windows | CVE-2025-26687 | Win32k Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26688 | Microsoft Virtual Hard Disk Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows | CVE-2025-27472 | Windows Mark of the Web Security Features Bypass Vulnerability | Important |
| Windows | CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-27476 | Windows Digital Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27475 | Windows Update Stack Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-27478 | Windows Local Security Authority (LSA) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-27740 | Active Directory Certificate Services Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27741 | NTFS Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-27744 | Microsoft Office Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27742 | NTFS Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability | Important |
| System Center | CVE-2025-27743 | Microsoft System Center Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-29792 | Microsoft Office Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-29822 | Microsoft OneNote Security Features Bypass Vulnerability | Important |
| Microsoft Office | CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-29824 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-24074 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-24073 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-21197 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-21191 | Windows Local Security Authority (LSA) Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-21204 | Windows Process Activation Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-21221 | Windows Telephony Service remote code execution vulnerability | Important |
| Windows | CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-24058 | Windows DWM Core Library Privilege Escalation Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-25000 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Azure | CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability | Important |
| Azure | CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-26639 | Windows USB Print Driver Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26635 | Windows Hello Security Features Bypass Vulnerability | Important |
| Windows | CVE-2025-26637 | BitLocker Security Features Bypass vulnerability | Important |
| Microsoft Office | CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-26640 | Windows Digital Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows | CVE-2025-26644 | Windows Hello Spoofing Vulnerability | Important |
| Windows | CVE-2025-26648 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26649 | Windows Secure Channel Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26647 | Windows Kerberos Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service | Important |
| Windows | CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service | Important |
| Windows | CVE-2025-26675 | Windows Subsystem for Linux Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-26678 | Windows Defender Application Control Security Features Bypass vulnerability | Important |
| Windows | CVE-2025-26679 | RPC Endpoint Mapper Service Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27467 | Windows Digital Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service | Important |
| Windows | CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Escalation Vulnerability | Important |
| Windows | CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-27483 | NTFS Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Azure | CVE-2025-27489 | Azure Local Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-27492 | Windows Secure Channel Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27490 | Windows Bluetooth Service Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27727 | Windows Installer Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-27728 | Windows Kernel-Mode Driver Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27731 | Microsoft OpenSSH for Windows Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27730 | Windows Digital Media Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27732 | Windows Graphics Component Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27733 | NTFS Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Features Bypass vulnerability | Important |
| Windows | CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-27737 | Windows Security Zone Mapping Security Features Bypass vulnerability | Important |
| Windows | CVE-2025-27738 | Windows Resilient File System (ReFS) Disclosure Vulnerability | Important |
| Windows | CVE-2025-27739 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Visual Studio Tools for Applications (VSTA),SQL Server Management Studio,VSTA | CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-29800 | Microsoft AutoUpdate (MAU) Privilege Escalation Vulnerability | Important |
| Microsoft Visual Studio | CVE-2025-29802 | Visual Studio Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-29801 | Microsoft AutoUpdate (MAU) Privilege Escalation Vulnerability | Important |
| Microsoft Visual Studio | CVE-2025-29804 | Visual Studio Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-29809 | Windows Kerberos Security Features Bypass vulnerability | Important |
| Windows | CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Apps | CVE-2025-29805 | Outlook for Android Disclosure Vulnerability | Important |
| Windows | CVE-2025-29810 | Active Directory Domain Services Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-29812 | DirectX Graphics Kernel Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-29816 | Microsoft Word Security Features Bypass Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-29815 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important |
| Azure, Windows | CVE-2025-29819 | Information disclosure vulnerability of Windows Admin Center in Azure Portal | Important |
| Windows | CVE-2025-29811 | Windows Mobile Broadband Driver Privilege Escalation Vulnerability | Important |
| Visual Studio Code | CVE-2025-20570 | Visual Studio Code Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-24060 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-24062 | Microsoft DWM Core Library Privilege Escalation Vulnerability | Important |
| ASP.NET Core,Microsoft Visual Studio | CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Important |
| Microsoft Edge for iOS | CVE-2025-29796 | Microsoft Edge for iOS Spoofing Vulnerability | Low |
| Microsoft Edge for iOS | CVE-2025-25001 | Microsoft Edge for iOS Spoofing Vulnerability | Low |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.
Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies.
Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.
