.Microsoft on Tuesday announced 81 patches affecting 15 product families. Nine of the addressed issues are considered by Microsoft to be of Critical severity, and nine have a CVSS base score of 8.0 or higher — though, to be clear, they’re not the same nine issues. None are known to be under active exploit in the wild, though one Windows issue (CVE-2025-55234, affecting SMB) has been publicly disclosed.

At patch time, eight CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below. In addition, several CVEs not included in this month’s count, all but one affecting Edge, are already patched. We have included titles and CVEs for all of these in Appendix D, along with information on two patches this month for Adobe Reader, one Critical in severity.

We are as always including at the end of this post additional appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family. Another appendix covers advisory-style updates and the list of issues discussed in this month’s release materials but mitigated prior to the release, and another provides breakout of the patches affecting the various Windows Server platforms still in support.

By the numbers

Total CVEs: 81

Publicly disclosed: 1

Exploit detected: 0

Severity Critical: 9 Important: 72

Impact Elevation of Privilege: 38 Remote Code Execution: 22 Information Disclosure: 15 Denial of Service: 3 Security Feature Bypass: 2 Spoofing: 1

CVSS base score 9.0 or greater: 1

CVSS base score 8.0 or greater: 9

Figure 1: Elevation of Privilege vulnerabilities outpace Remote Code Execution flaws for the third month in a row, but RCE issues once again account for more Critical-severity patches

Products

Windows: 58

365: 13

Office: 13

Excel: 8

SharePoint: 3

Azure: 2

SQL: 2

Microsoft AutoUpdate (MAU) for Macintosh: 1

Microsoft High Performance Compute Pack: 1

Nuance PowerScribe: 1

Office for Android: 1

OfficePLUS: 1

PowerPoint: 1

Word: 1

Xbox Gaming System: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. We note, by the way, that CVE names don’t always reflect affected product families closely. In particular, some CVEs names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa. (CVE-2025-54907, “Microsoft Office Visio Remote Code Execution Vulnerability,” is an excellent example of this for September; Visio does not appear in the list of products affected by this issue.)

OfficePLUS is an add-on to the usual Office suite. As such, Microsoft identifies it as being in its own product family. We’ve also chosen to list the sole Office for Android patch as existing in its own family as well; see below for discussion of this CVE.



Figure 2: Windows accounts for nearly three-quarters of the September patch set, which is perhaps less surprising than the appearance of Xbox in this roundup

Notable September updates

In addition to the issues discussed above, a variety of specific items merit attention.

CVE-2025-55234 — Windows SMB Elevation of Privilege Vulnerability

This authentication Elevation of Privilege issue in Windows’ Server Message Block protocol is the only vulnerability this month already known to be public, and Microsoft expects it to be more likely than most to be exploited within the next 30 days. That said, the SMB Server has multiple mechanisms for hardening against relay attacks such as this might allow, and the company directs concerned administrators’ attention to more information on those methods.

CVE-2025-55232 — Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

This issue, which Microsoft assigns an Important severity but a CVSS Base score of 9.8, could potentially allow an attacker to accomplish remote code execution without user interaction. The problem involves port 5999, and the company recommends that users run their HPC Pack clusters in a trusted network secured by firewall rules especially for that TCP port, which is commonly enabled for remote management.

CVE-2025-53799 — Windows Imaging Component Information Disclosure Vulnerability

This Critical-severity Information Disclosure issue is, unusually, shared between Windows and Office for Android (but no other version of Office). The attacker would have to convince the target to open a maliciously constructed file, and would in return be able to read small portions of heap memory, making this likely to serve as a small part of a greater attack chain.

CVE-2025-54897 — Microsoft SharePoint Remote Code Execution Vulnerability

It’s kitten on the keys time again with the return to the MAPP finder roll of zcgonvh’s cat Vanilla, that fearsome hunter of SharePoint bugs. This month’s catch is an Important-severity RCE weighing in at a sturdy 8.8 CVSS Base score. Good kitty.

CVE-2025-54107, CVE-2025-54917 — MapUrlToZone Security Feature Bypass Vulnerability (two CVEs)

As Windows 10 enters its last month of mainstream support, these two identically named CVEs – brought to you by the letters I and E – remind us that the past is never dead; it’s not even past, at least if your operating system’s DNA includes bits from that long-retired browser. Both are Security Feature Bypass issues of Important severity. Forty-four of this month’s patches apply to Windows 10, including these two.

Figure 3: After three straight months of outpacing Remote Code Execution in the monthly tallies, Elevation of Privilege this month rises to the top of the 2025 bug count

Sophos protections

CVE Sophos Intercept X/Endpoint IPS Sophos XGS Firewall CVE-2025-54093 Exp/2554093-A Exp/2554093-A CVE-2025-54098 Exp/2554098-A Exp/2554098-A CVE-2025-54110 Exp/2554110-A Exp/2554110-A CVE-2025-54918 SID:2311578 SID:2311578

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of September patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Elevation of Privilege (38 CVEs)

Critical severity CVE-2025-53800 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability Important severity CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability CVE-2025-53801 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-53802 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-53807 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-53808 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-53810 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54091 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54092 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability CVE-2025-54094 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54098 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-54102 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-54103 Windows Management Service Elevation of Privilege Vulnerability CVE-2025-54104 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-54108 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability CVE-2025-54109 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability CVE-2025-54112 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability CVE-2025-54115 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability CVE-2025-54911 Windows BitLocker Elevation of Privilege Vulnerability CVE-2025-54912 Windows BitLocker Elevation of Privilege Vulnerability CVE-2025-54913 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability CVE-2025-54915 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-55223 DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability CVE-2025-55245 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability CVE-2025-55316 Azure Arc Elevation of Privilege Vulnerability CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Remote Code Execution (22 CVEs)

Critical severity CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability CVE-2025-55224 Windows Hyper-V Remote Code Execution Vulnerability CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability CVE-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-55236 Graphics Kernel Remote Code Execution Vulnerability Important severity CVE-2025-54101 SMB Client and Server Remote Code Execution Vulnerability CVE-2025-54106 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-54113 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54897 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability CVE-2025-54907 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability CVE-2025-54919 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

Information Disclosure (15 CVEs)

Critical severity CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability CVE-2025-53799 Windows Imaging Component Information Disclosure Vulnerability Important severity CVE-2025-47997 Microsoft SQL Server Information Disclosure Vulnerability CVE-2025-53796 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53797 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53798 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53803 Windows Kernel Memory Information Disclosure Vulnerability CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability CVE-2025-53806 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54095 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54096 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54097 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability CVE-2025-55225 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Denial of Service (3 CVEs)

Important severity CVE-2025-53805 HTTP.sys Denial of Service Vulnerability CVE-2025-53809 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability CVE-2025-54114 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

Security Feature Bypass (2 CVEs)

Important severity CVE-2025-54107 MapUrlToZone Security Feature Bypass Vulnerability CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability

Spoofing (1 CVE)

Important severity CVE-2025-55243 Microsoft OfficePlus Spoofing Vulnerability

Appendix B: Exploitability and CVSS

This is a list of the September CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release. Since none of the September issues are known to be already exploited in the wild, that list does not appear this month. The list is arranged by CVE.

Exploitation more likely within the next 30 days CVE-2025-53803 Windows Kernel Memory Information Disclosure Vulnerability CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability CVE-2025-54098 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability

This is a list of September CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema.

CVSS Base CVSS Temporal CVE Title 9.8 8.5 CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-54106 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-54897 Microsoft SharePoint Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability 8.4 7.3 CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability 8.1 7.1 CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

Appendix C: Products Affected

This is a list of September’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Certain issues for which advisories have been issued are covered in Appendix D, and issues affecting Windows Server are further sorted in Appendix E. All CVE titles are accurate as made available by Microsoft; for further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.

Windows (58 CVEs)

Critical severity CVE-2025-53799 Windows Imaging Component Information Disclosure Vulnerability CVE-2025-53800 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability CVE-2025-55224 Windows Hyper-V Remote Code Execution Vulnerability CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability CVE-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-55236 Graphics Kernel Remote Code Execution Vulnerability Important severity CVE-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability CVE-2025-53796 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53797 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53798 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53801 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-53802 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-53803 Windows Kernel Memory Information Disclosure Vulnerability CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability CVE-2025-53805 HTTP.sys Denial of Service Vulnerability CVE-2025-53806 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53807 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-53808 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-53809 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability CVE-2025-53810 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54091 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54092 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability CVE-2025-54094 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54095 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54096 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54097 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-54098 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-54101 SMB Client and Server Remote Code Execution Vulnerability CVE-2025-54102 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-54103 Windows Management Service Elevation of Privilege Vulnerability CVE-2025-54104 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-54106 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-54107 MapUrlToZone Security Feature Bypass Vulnerability CVE-2025-54108 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability CVE-2025-54109 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability CVE-2025-54112 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability CVE-2025-54113 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-54114 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability CVE-2025-54115 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability CVE-2025-54911 Windows BitLocker Elevation of Privilege Vulnerability CVE-2025-54912 Windows BitLocker Elevation of Privilege Vulnerability CVE-2025-54913 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability CVE-2025-54915 Windows Defender Firewall Service Elevation of Privilege Vulnerability CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability CVE-2025-54919 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-55223 DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-55225 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability

365 (13 CVEs)

Critical severity CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability Important severity CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability CVE-2025-54907 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability

Office (13 CVEs)

Critical severity CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability Important severity CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability CVE-2025-54907 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability

Excel (8 CVEs)

Important severity CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability

SharePoint (3 CVEs)

Important severity CVE-2025-54897 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability

Azure (2 CVEs)

Important severity CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-55316 Azure Arc Elevation of Privilege Vulnerability

SQL (2 CVEs)

Important severity CVE-2025-47997 Microsoft SQL Server Information Disclosure Vulnerability CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability

Microsoft AutoUpdate (MAU) for Mac (1 CVE)

Important severity CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Microsoft High Performance Compute Pack (1 CVE)

Important severity CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

Nuance PowerScribe (1 CVE)

Critical severity CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

Office for Android (1 CVE)

Critical severity CVE-2025-53799 Windows Imaging Component Information Disclosure Vulnerability

OfficePLUS (1 CVE)

Important severity CVE-2025-55243 Microsoft OfficePlus Spoofing Vulnerability

PowerPoint (1 CVE)

Important severity CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability

Word (1 CVE)

Important severity CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability

Xbox (1 CVE)

Important severity CVE-2025-55245 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability

Appendix D: Advisories and Other Products

There are 5 Edge-related advisories in September’s release, all but one of which originated outside Microsoft.

CVE-2025-9864 Chromium: CVE-2025-9864 Use after free in V8 CVE-2025-9865 Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar CVE-2025-9866 Chromium: CVE-2025-9866 Inappropriate implementation in Extensions CVE-2025-9867 Chromium: CVE-2025-9867 Inappropriate implementation in Downloads CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

This month also includes the periodic Servicing Stack Updates, ADV990001.

Microsoft also included in this month’s release information on CVE-2024-21907 (VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json), which addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. The CVE for this flaw was issued by VulnCheck, but the SQL patches from Microsoft this month also touch on this vulnerability, so Microsoft included advisory information on the issue in the release. This CVE does not figure into any of our tallies this month.

There were two Adobe Reader advisories included in the September release, both affecting versions 25.001.20521, 24.001.30235, 20.005.30763 and earlier.

Moderate CVE-2025-54255 Violation of Secure Design Principles (CWE-657) Critical CVE-2025-54257 Use After Free (CWE-416)

Appendix E: Affected Windows Server versions

This is a table of the 58 CVEs in the September release affecting Windows Server versions 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.