Microsoft on Tuesday launched 159 patches touching 13 product households. 9 of the addressed points are thought-about by Microsoft to be of Crucial severity, and 43 have a CVSS base rating of 8.0 or larger. Three are below lively exploit within the wild. One can greatest be mitigated by “configur[ing] Microsoft Outlook to learn all commonplace mail in plain textual content.”
The unprecedented patch haul falls primarily to Home windows, with 132 patches relevant to the working system. (132 patches would itself high quality because the third-largest launch since 2020.) Inside that group, a lot of themes emerge – 28 remote-code-execution patches affecting Home windows Telephony Providers, as an illustration, or the 17 elevation-of-privilege points addressed in Home windows Digital Media. Eight of the Home windows patches are critical-severity, together with the OLE-involved Outlook bug famous above. (We’ll look extra carefully at that scenario in a minute.)
At patch time, three important-severity EoP points, all titled “Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,” are identified to be below exploit within the wild, with 17 further CVEs extra prone to be exploited within the subsequent 30 days by the corporate’s estimation. Two of this month’s points are amenable to detection by Sophos protections, and we embody data on these in a desk under.
Along with these patches, the discharge contains advisory data on Servicing Stack Updates, in addition to data on the month’s single Edge patch (there’s additionally an Web Explorer patch, as we’ll focus on under) and two points lined within the launch however already mitigated by Microsoft. We’re as at all times together with on the finish of this submit further appendices itemizing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product household; an appendix overlaying the advisory-style updates; and a breakout of the 130 patches affecting the assorted Home windows Server platforms nonetheless in help.
- Whole CVEs: 159
- Publicly disclosed: 3
- Exploit detected: 3
- Severity
- Crucial: 9
- Vital: 150
- Influence
- Distant Code Execution: 58
- Elevation of Privilege: 40
- Info Disclosure: 22
- Denial of Service: 20
- Safety Function Bypass: 14
- Spoofing: 5
- CVSS base rating 9.0 or higher: 3
- CVSS base rating 8.0 or higher: 40
Determine 1: Although RCE continues to rule the roost, a wide range of impacts are represented within the first patch haul of the 12 months
Merchandise
- Home windows: 132
- 365: 13
- Workplace: 13
- Visible Studio: 7
- .NET: 4
- Entry: 3
- SharePoint: 3
- Workplace for Mac: 2
- AutoUpdate for Mac: 1
- Excel: 1
- Outlook: 1
- On-Premises Knowledge Gateway: 1
- Energy Automate: 1
As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on.
Determine 2: All however two of January’s Home windows patches apply to the server-side OS. As for the remainder, Workplace for Mac will get a single patch all to iteself and shares one with different variations of Workplace
Notable January updates
Along with the problems mentioned above, a lot of particular objects advantage consideration.
CVE-2025-21298 — Home windows OLE Distant Code Execution Vulnerability
With a CVSS base rating of 9.8, this critical-severity difficulty is already attention-getting, nevertheless it’s much more thrilling than that. That is an RTF (Wealthy Textual content Format) difficulty, so although it should be corrected in Home windows it applies to varied merchandise, specifically e mail. Because the flaw may be triggered in Preview Pane, an attacker deploying this vulnerability must do nothing greater than ship a malicious e mail to the goal; even when the consumer doesn’t click on on something, merely viewing it’s adequate to set off RCE. Thankfully it’s not but believed to be below lively exploit within the wild – the finders labored with The Zero-Day Initiative to carry it to Microsoft’s consideration – nevertheless it’s affordable to imagine the clock is ticking. As famous above, the corporate does certainly suggest that customers follow studying their e mail in plaintext, and offers the directions for configuring particular person machines to take action in Outlook. Customers of different e mail applications will want to take be aware and act accordingly.
CVE-2025-21311 — Home windows NTLM V1 Elevation of Privilege Vulnerability
One other 9.8 on CVSS’s scale, this one applies to Microsoft’s most up-to-date choices (Home windows 11 24H2, Server 2022 23H2, Server 2025) and is comparatively straightforward to mitigate by setting LmCompatibilityLevel to its most worth of 5, thus disallowing utilization of the MTLMv1 protocol. That’s good, as a result of the vulnerability is remotely exploitable, requires no explicit data of the goal system, and has a excessive success fee.
CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – all Microsoft Entry Distant Code Execution Vulnerability
Persevering with this month’s theme of “adjustments to e mail performance that’ll make finish customers cranky,” the patches for these CVEs all block seven probably malicious extensions (.accda, .accdb, .accde, .accdr, accdt, .accdu, .accdw) from being despatched by way of e mail. Microsoft states that the recipient will get a notification that there was an attachment however that it can’t be accessed. All three points are RCE geared toward RDP, and all three are already publicly identified.
CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – numerous titles
Eight of this month’s patches contain Digital Safe Mode parts, which implies that directors must comply with Microsoft’s steering for updating virtualization-based safety (VBS) points.
CVE-2025-21343 — Home windows Internet Risk Protection Person Service Info Disclosure Vulnerability
An Vital-severity information-disclosure difficulty, this oddity can, if exploited, permit the attacker to seize screenshots of one other consumer’s session. It’s likewise quite particular in scope, affecting solely Home windows 11 22H2, 23H2, and 24H2. It was submitted to Microsoft by an unusual finder, the Australian Alerts Directorate.
CVE-2025-21326 — Web Explorer Distant Code Execution Vulnerability
Looks as if outdated occasions with a reputation like that, however this important-severity RCE impacts not the browser of yore however Home windows Server 2022 23H2 and Home windows Server 2025.
Determine 3: This spike on the proper edge? There we’re
Sophos protections
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
| CVE-2025-21299 | Exp/2521299-A | Exp/2521299-A |
| CVE-2025-21362 | sid:2310479 | sid:2310479 |
As you possibly can each month, if you happen to don’t wish to wait to your system to drag down Microsoft’s updates itself, you possibly can obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe device to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace bundle to your particular system’s structure and construct quantity.
Appendix A: Vulnerability Influence and Severity
This can be a checklist of January patches sorted by impression, then sub-sorted by severity. Every checklist is additional organized by CVE.
Distant Code Execution (58 CVEs)
| Crucial severity | |
| CVE-2025-21178 | Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21294 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21295 | SPNEGO Prolonged Negotiation (NEGOEX) Safety Mechanism Distant Code Execution Vulnerability |
| CVE-2025-21296 | BranchCache Distant Code Execution Vulnerability |
| CVE-2025-21297 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21298 | Home windows OLE Distant Code Execution Vulnerability |
| CVE-2025-21307 | Home windows Dependable Multicast Transport Driver (RMCAST) Distant Code Execution Vulnerability |
| CVE-2025-21309 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| Vital severity | |
| CVE-2025-21171 | .NET Distant Code Execution Vulnerability |
| CVE-2025-21172 | .NET and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21176 | .NET, .NET Framework, and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21187 | Microsoft Energy Automate Distant Code Execution Vulnerability |
| CVE-2025-21223 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21224 | Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability |
| CVE-2025-21233 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21236 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21237 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21238 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21239 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21240 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21241 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21243 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21244 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21245 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21246 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21248 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21250 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21252 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21266 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21273 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21282 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21286 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21291 | Home windows Direct Present Distant Code Execution Vulnerability |
| CVE-2025-21302 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21303 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21305 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21306 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21326 | Web Explorer Distant Code Execution Vulnerability |
| CVE-2025-21338 | GDI+ Distant Code Execution Vulnerability |
| CVE-2025-21339 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21344 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21345 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21348 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21356 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21361 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21363 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21402 | Microsoft Workplace OneNote Distant Code Execution Vulnerability |
| CVE-2025-21409 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21411 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21413 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21417 | Home windows Telephony Service Distant Code Execution Vulnerability |
Elevation of Privilege (40 CVEs)
| Crucial severity | |
| CVE-2025-21311 | Home windows NTLM V1 Elevation of Privilege Vulnerability |
| Vital severity | |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21202 | Home windows Restoration Atmosphere Agent Elevation of Privilege Vulnerability |
| CVE-2025-21226 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21227 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21228 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21229 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21232 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21234 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21235 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21249 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21255 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21256 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21258 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21260 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21261 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21263 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21265 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21271 | Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-21275 | Home windows App Package deal Installer Elevation of Privilege Vulnerability |
| CVE-2025-21281 | Microsoft COM for Home windows Elevation of Privilege Vulnerability |
| CVE-2025-21287 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21292 | Home windows Search Service Elevation of Privilege Vulnerability |
| CVE-2025-21293 | Lively Listing Area Providers Elevation of Privilege Vulnerability |
| CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-21310 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21324 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21327 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21331 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21333 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21334 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21335 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21341 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-21370 | Home windows Virtualization-Based mostly Safety (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21378 | Home windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2025-21382 | Home windows Graphics Part Elevation of Privilege Vulnerability |
| CVE-2025-21405 | Visible Studio Elevation of Privilege Vulnerability |
Info Disclosure (22 CVEs)
| Vital severity | |
| CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL permits data disclosure by way of git-credential-manager |
| CVE-2025-21210 | Home windows BitLocker Info Disclosure Vulnerability |
| CVE-2025-21214 | Home windows BitLocker Info Disclosure Vulnerability |
| CVE-2025-21215 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21220 | Microsoft Message Queuing Info Disclosure Vulnerability |
| CVE-2025-21242 | Home windows Kerberos Info Disclosure Vulnerability |
| CVE-2025-21257 | Home windows WLAN AutoConfig Service Info Disclosure Vulnerability |
| CVE-2025-21272 | Home windows COM Server Info Disclosure Vulnerability |
| CVE-2025-21288 | Home windows COM Server Info Disclosure Vulnerability |
| CVE-2025-21301 | Home windows Geolocation Service Info Disclosure Vulnerability |
| CVE-2025-21312 | Home windows Sensible Card Reader Info Disclosure Vulnerability |
| CVE-2025-21316 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21317 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21318 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21319 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21320 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21321 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21323 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21336 | Home windows Cryptographic Info Disclosure Vulnerability |
| CVE-2025-21343 | Home windows Internet Risk Protection Person Service Info Disclosure Vulnerability |
| CVE-2025-21374 | Home windows CSC Service Info Disclosure Vulnerability |
| CVE-2025-21403 | On-Premises Knowledge Gateway Info Disclosure Vulnerability |
Denial of Service (20 CVEs)
| Vital severity | |
| CVE-2025-21207 | Home windows Related Units Platform Service (Cdpsvc) Denial of Service Vulnerability |
| CVE-2025-21218 | Home windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21225 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
| CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21274 | Home windows Occasion Tracing Denial of Service Vulnerability |
| CVE-2025-21276 | Home windows MapUrlToZone Denial of Service Vulnerability |
| CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21278 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21280 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21284 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21300 | Home windows upnphost.dll Denial of Service Vulnerability |
| CVE-2025-21313 | Home windows Safety Account Supervisor (SAM) Denial of Service Vulnerability |
| CVE-2025-21330 | Home windows Distant Desktop Providers Denial of Service Vulnerability |
| CVE-2025-21389 | Home windows upnphost.dll Denial of Service Vulnerability |
Safety Function Bypass (14 CVEs)
| Vital severity | |
| CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Safe Boot Bypass |
| CVE-2025-21189 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21211 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21213 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21219 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21268 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21269 | Home windows HTML Platforms Safety Function Bypass Vulnerability |
| CVE-2025-21299 | Home windows Kerberos Safety Function Bypass Vulnerability |
| CVE-2025-21328 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21329 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21332 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21340 | Home windows Virtualization-Based mostly Safety (VBS) Safety Function Bypass Vulnerability |
| CVE-2025-21346 | Microsoft Workplace Safety Function Bypass Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
Spoofing (5 CVEs)
| Vital severity | |
| CVE-2025-21193 | Lively Listing Federation Server Spoofing Vulnerability |
| CVE-2025-21217 | Home windows Mark of the Internet Spoofing Vulnerability |
| CVE-2025-21308 | Home windows Themes Spoofing Vulnerability |
| CVE-2025-21314 | Home windows SmartScreen Spoofing Vulnerability |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
Appendix B: Exploitability
This can be a checklist of the January CVEs judged by Microsoft to be both below exploitation within the wild or extra prone to be exploited within the wild throughout the first 30 days post-release. The checklist is organized by CVE.
| Exploitation detected | |
| CVE-2025-21333 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21334 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21335 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Exploitation extra possible throughout the subsequent 30 days | |
| CVE-2025-21189 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21210 | Home windows BitLocker Info Disclosure Vulnerability |
| CVE-2025-21219 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21268 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21269 | Home windows HTML Platforms Safety Function Bypass Vulnerability |
| CVE-2025-21292 | Home windows Search Service Elevation of Privilege Vulnerability |
| CVE-2025-21298 | Home windows OLE Distant Code Execution Vulnerability |
| CVE-2025-21299 | Home windows Kerberos Safety Function Bypass Vulnerability |
| CVE-2025-21309 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21314 | Home windows SmartScreen Spoofing Vulnerability |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21328 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21329 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
Appendix C: Merchandise Affected
This can be a checklist of January’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which can be shared amongst a number of product households are listed a number of occasions, as soon as for every product household. Points affecting Home windows Server are additional sorted in Appendix E. Please be aware that Workplace for Mac has a standalone entry for CVE-2025-21361, which impacts solely that platform.
Home windows (132 CVEs)
| Crucial severity | |
| CVE-2025-21294 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21295 | SPNEGO Prolonged Negotiation (NEGOEX) Safety Mechanism Distant Code Execution Vulnerability |
| CVE-2025-21296 | BranchCache Distant Code Execution Vulnerability |
| CVE-2025-21297 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21298 | Home windows OLE Distant Code Execution Vulnerability |
| CVE-2025-21307 | Home windows Dependable Multicast Transport Driver (RMCAST) Distant Code Execution Vulnerability |
| CVE-2025-21309 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21311 | Home windows NTLM V1 Elevation of Privilege Vulnerability |
| Vital severity | |
| CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Safe Boot Bypass |
| CVE-2025-21189 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21193 | Lively Listing Federation Server Spoofing Vulnerability |
| CVE-2025-21202 | Home windows Restoration Atmosphere Agent Elevation of Privilege Vulnerability |
| CVE-2025-21207 | Home windows Related Units Platform Service (Cdpsvc) Denial of Service Vulnerability |
| CVE-2025-21210 | Home windows BitLocker Info Disclosure Vulnerability |
| CVE-2025-21211 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21213 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21214 | Home windows BitLocker Info Disclosure Vulnerability |
| CVE-2025-21215 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21217 | Home windows Mark of the Internet Spoofing Vulnerability |
| CVE-2025-21218 | Home windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21219 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21220 | Microsoft Message Queuing Info Disclosure Vulnerability |
| CVE-2025-21223 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21224 | Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability |
| CVE-2025-21225 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21226 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21227 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21228 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21229 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
| CVE-2025-21232 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21233 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21234 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21235 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21236 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21237 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21238 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21239 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21240 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21241 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21242 | Home windows Kerberos Info Disclosure Vulnerability |
| CVE-2025-21243 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21244 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21245 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21246 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21248 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21249 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21250 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21252 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21255 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21256 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21257 | Home windows WLAN AutoConfig Service Info Disclosure Vulnerability |
| CVE-2025-21258 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21260 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21261 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21263 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21265 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21266 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21268 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21269 | Home windows HTML Platforms Safety Function Bypass Vulnerability |
| CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21271 | Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-21272 | Home windows COM Server Info Disclosure Vulnerability |
| CVE-2025-21273 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21274 | Home windows Occasion Tracing Denial of Service Vulnerability |
| CVE-2025-21275 | Home windows App Package deal Installer Elevation of Privilege Vulnerability |
| CVE-2025-21276 | Home windows MapUrlToZone Denial of Service Vulnerability |
| CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21278 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21280 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21281 | Microsoft COM for Home windows Elevation of Privilege Vulnerability |
| CVE-2025-21282 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21284 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21286 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21287 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21288 | Home windows COM Server Info Disclosure Vulnerability |
| CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21291 | Home windows Direct Present Distant Code Execution Vulnerability |
| CVE-2025-21292 | Home windows Search Service Elevation of Privilege Vulnerability |
| CVE-2025-21293 | Lively Listing Area Providers Elevation of Privilege Vulnerability |
| CVE-2025-21299 | Home windows Kerberos Safety Function Bypass Vulnerability |
| CVE-2025-21300 | Home windows upnphost.dll Denial of Service Vulnerability |
| CVE-2025-21301 | Home windows Geolocation Service Info Disclosure Vulnerability |
| CVE-2025-21302 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21303 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-21305 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21306 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21308 | Home windows Themes Spoofing Vulnerability |
| CVE-2025-21310 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21312 | Home windows Sensible Card Reader Info Disclosure Vulnerability |
| CVE-2025-21313 | Home windows Safety Account Supervisor (SAM) Denial of Service Vulnerability |
| CVE-2025-21314 | Home windows SmartScreen Spoofing Vulnerability |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21316 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21317 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21318 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21319 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21320 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21321 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21323 | Home windows Kernel Reminiscence Info Disclosure Vulnerability |
| CVE-2025-21324 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21326 | Web Explorer Distant Code Execution Vulnerability |
| CVE-2025-21327 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21328 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21329 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21330 | Home windows Distant Desktop Providers Denial of Service Vulnerability |
| CVE-2025-21331 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21332 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21333 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21334 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21335 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21336 | Home windows Cryptographic Info Disclosure Vulnerability |
| CVE-2025-21338 | GDI+ Distant Code Execution Vulnerability |
| CVE-2025-21339 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21340 | Home windows Virtualization-Based mostly Safety (VBS) Safety Function Bypass Vulnerability |
| CVE-2025-21341 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21343 | Home windows Internet Risk Protection Person Service Info Disclosure Vulnerability |
| CVE-2025-21370 | Home windows Virtualization-Based mostly Safety (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21374 | Home windows CSC Service Info Disclosure Vulnerability |
| CVE-2025-21378 | Home windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2025-21382 | Home windows Graphics Part Elevation of Privilege Vulnerability |
| CVE-2025-21389 | Home windows upnphost.dll Denial of Service Vulnerability |
| CVE-2025-21409 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21411 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21413 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21417 | Home windows Telephony Service Distant Code Execution Vulnerability |
365 (13 CVEs)
| Vital severity | |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21345 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21346 | Microsoft Workplace Safety Function Bypass Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21356 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21363 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21402 | Microsoft Workplace OneNote Distant Code Execution Vulnerability |
Workplace (13 CVEs)
| Vital severity | |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21338 | GDI+ Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21345 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21346 | Microsoft Workplace Safety Function Bypass Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21356 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21363 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
Visible Studio (7 CVEs)
| Crucial severity | |
| CVE-2025-21178 | Visible Studio Distant Code Execution Vulnerability |
| Vital severity | |
| CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL permits data disclosure by way of git-credential-manager |
| CVE-2025-21171 | .NET Distant Code Execution Vulnerability |
| CVE-2025-21172 | .NET and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21176 | .NET, .NET Framework, and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21405 | Visible Studio Elevation of Privilege Vulnerability |
.NET (4 CVEs)
| Vital severity | |
| CVE-2025-21171 | .NET Distant Code Execution Vulnerability |
| CVE-2025-21172 | .NET and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21176 | .NET, .NET Framework, and Visible Studio Distant Code Execution Vulnerability |
Entry (3 CVEs)
| Vital severity | |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
SharePoint (3 CVEs)
| Vital severity | |
| CVE-2025-21344 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21348 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
Workplace for Mac (2 CVEs)
| Vital severity | |
| CVE-2025-21338 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21361 | GDI+ Distant Code Execution Vulnerability |
AutoUpdate for Mac (1 CVE)
| Vital severity | |
| CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Excel (1 CVE)
| Vital severity | |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
Outlook (1 CVE)
| Vital severity | |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
On-Premises Knowledge Gateway (1 CVE)
| Vital severity | |
| CVE-2025-21403 | On-Premises Knowledge Gateway Info Disclosure Vulnerability |
Energy Automate (1 CVE)
| Vital severity | |
| CVE-2025-21187 | Microsoft Energy Automate Distant Code Execution Vulnerability |
Appendix D: Advisories and Different Merchandise
This can be a checklist of advisories and data on different related CVEs within the January launch. The problems addressed within the three CVEs have already been mitigated by Microsoft, however had been listed within the launch within the pursuits of transparency.
Microsoft data:
| CVE / identifier | Product | Title | ||
| ADV990001 | Newest Servicing Stack Updates | |||
| CVE-2025-21185 | Edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Elevation of Privilege | N/A |
| CVE-2025-21380 | Market SaaS | Azure Market SaaS Assets Info Disclosure Vulnerability | Info Disclosure | Crucial |
| CVE-2025-21385 | Purview | Microsoft Purview Info Disclosure Vulnerability | Info Disclosure | Crucial |
There are not any Adobe advisories on this month’s launch.
Appendix E: Affected Home windows Server variations
This can be a desk of CVEs within the January launch affecting 9 Home windows Server variations, 2008 by way of 2025. The desk differentiates amongst main variations of the platform however doesn’t go into deeper element (eg., Server Core). Crucial-severity points are marked in crimson; an “x” signifies that the CVE doesn’t apply to that model. Directors are inspired to make use of this appendix as a place to begin to establish their particular publicity, as every reader’s scenario, particularly because it considerations merchandise out of mainstream help, will differ. For particular Information Base numbers, please seek the advice of Microsoft.
| 2008 | 2008-R2 | 2012 | 2012-R2 | 2016 | 2019 | 2022 | 2022 23H2 | 2025 | |
| CVE-2024-7344 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21189 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21193 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21202 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21207 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21210 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21211 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21213 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21214 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21215 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21217 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21218 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21219 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21220 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21223 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21224 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21225 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21226 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21227 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21228 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21229 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21230 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21231 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21232 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21233 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21234 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21235 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21236 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21237 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21238 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21239 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21240 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21241 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21242 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21243 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21244 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21245 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21246 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21248 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21249 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21250 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21251 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21252 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21255 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21256 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21257 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21258 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21260 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21261 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21263 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21265 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21266 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21268 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21269 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21270 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21271 | × | × | × | × | × | ■ | ■ | × | × |
| CVE-2025-21272 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21273 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21274 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21275 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21276 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21277 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21278 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21280 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21281 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21282 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21284 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21285 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21286 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21287 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21288 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21289 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21290 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21291 | × | × | × | × | × | ■ | ■ | ■ | × |
| CVE-2025-21292 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21293 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21294 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21295 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21296 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21297 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21298 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21299 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21300 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21301 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21302 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21303 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21304 | × | × | × | × | ■ | ■ | × | × | × |
| CVE-2025-21305 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21306 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21307 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21308 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21309 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21310 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21311 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21312 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | × |
| CVE-2025-21313 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21314 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21315 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21316 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21317 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21318 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21319 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21320 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21321 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21323 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21324 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21326 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21327 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21328 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21329 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21330 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21331 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | × |
| CVE-2025-21332 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21333 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21334 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21335 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21336 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21338 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21339 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21340 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21341 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21343 | × | × | × | × | × | × | × | × | × |
| CVE-2025-21370 | × | × | × | × | × | × | × | × | × |
| CVE-2025-21372 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21374 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21378 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21382 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21389 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21409 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21411 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21413 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21417 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |