
CVE-2025-32716 – Windows Media Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32716
10 Jun 2025 — Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32716 • CWE-125: Out-of-bounds Read •

CVE-2025-32715 – Remote Desktop Protocol Client Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32715
10 Jun 2025 — Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32715 • CWE-125: Out-of-bounds Read •

CVE-2025-32713 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32713
10 Jun 2025 — Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32713 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-32712 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32712
10 Jun 2025 — Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32712 • CWE-416: Use After Free •

CVE-2025-32710 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-32710
10 Jun 2025 — Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32710 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVE-2025-32714 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32714
10 Jun 2025 — Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. The service uses a resource from an unsecured location. An attacker can leverage this vulnerabil... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714 • CWE-284: Improper Access Control •

CVE-2025-33075 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-33075
10 Jun 2025 — Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the se... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-24063 – Kernel Streaming Service Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24063
13 May 2025 — Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24063 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-32707 – NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32707
13 May 2025 — Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32707 • CWE-125: Out-of-bounds Read •

CVE-2025-30397 – Microsoft Windows Scripting Engine Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-30397
13 May 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. • https://packetstorm.news/files/id/200680 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •