Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. October 2025 Monthly Patch
Alerts

October 2025 Monthly Patch

15 October 2025

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-Oct

CRITICAL VULNERABILITIES

Table caption

CVE Number

CVE Name

Base Score

Reference

CVE-2025-49844

Redis Lua Use-After-Free may lead to remote code execution

9.9

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49844

CVE-2025-49708

Microsoft Graphics Component Elevation of Privilege Vulnerability

9.9

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49708

CVE-2025-39907

mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-39907

CVE-2025-39910

mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-39910

CVE-2025-39943

ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-39943

CVE-2025-39898

e1000e: fix heap overflow in e1000_set_eeprom

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-39898

CVE-2025-39925

can: j1939: implement NETDEV_UNREGISTER notification handler

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-39925

CVE-2025-59287

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59287

CVE-2025-59246

Azure Entra ID Elevation of Privilege Vulnerability

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59246

CVE-2025-59218

Azure Entra ID Elevation of Privilege Vulnerability

9.6

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59218

CVE-2025-59247

Azure PlayFab Elevation of Privilege Vulnerability

8.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59247

CVE-2025-59271

Redis Enterprise Elevation of Privilege Vulnerability

8.7

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59271

CVE-2025-55321

Azure Monitor Log Analytics Spoofing Vulnerability

8.7

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55321

CVE-2025-59236

Microsoft Excel Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59236

CVE-2025-59291

Confidential Azure Container Instances Elevation of Privilege Vulnerability

8.2

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59291

CVE-2025-59292

Azure Compute Gallery Elevation of Privilege Vulnerability

8.2

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59292

CVE-2025-0033

AMD CVE-2025-0033: RMP Corruption During SNP Initialization

8.2

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-0033

CVE-2025-59234

Microsoft Office Remote Code Execution Vulnerability

7.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59234

CVE-2025-59227

Microsoft Office Remote Code Execution Vulnerability

7.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59227

CVE-2025-59252

M365 Copilot Spoofing Vulnerability

6.5

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59252

CVE-2025-59286

Copilot Spoofing Vulnerability

6.5

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59286

CVE-2025-59272

Copilot Spoofing Vulnerability

6.5

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-59272

CVE-2016-9535

MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability

4.0

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-9535

Back to top