- 162/2025
- Critical
Microsoft has released a security update to fix several vulnerabilities across multiple Microsoft products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform spoofing over a network, execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Azure Machine Learning Elevation of Privilege (CVE-2025-49747):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
2. Microsoft SharePoint Server Remote Code Execution (CVE-2025-53770):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
The Affected Products:
- Microsoft SharePoint Server Subscription Edition.
- Microsoft SharePoint Server 2019.
- Microsoft SharePoint Enterprise Server 2016.
- Microsoft Purview.
- Azure DevOps and Azure Machine Learning.
It should be highlighted that Microsoft is aware that the two zero-daymvulnerabilities “CVE-2025-53770” and “CVE-2025-53771” are being exploited in the wild.
Vulnerabilities
- CVE-2025-49746
- CVE-2025-49747
- CVE-2025-47995
- CVE-2025-47158
- CVE-2025-53762
- CVE-2025-53770
- CVE-2025-53771
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.