Microsoft on Tuesday launched 159 patches touching 13 product households. 9 of the addressed points are thought of by Microsoft to be of Crucial severity, and 43 have a CVSS base rating of 8.0 or increased. Three are underneath energetic exploit within the wild. One can finest be mitigated by “configur[ing] Microsoft Outlook to learn all normal mail in plain textual content.”
The unprecedented patch haul falls primarily to Home windows, with 132 patches relevant to the working system. (132 patches would itself high quality because the third-largest launch since 2020.) Inside that group, a lot of themes emerge – 28 remote-code-execution patches affecting Home windows Telephony Providers, for example, or the 17 elevation-of-privilege points addressed in Home windows Digital Media. Eight of the Home windows patches are critical-severity, together with the OLE-involved Outlook bug famous above. (We’ll look extra intently at that scenario in a minute.)
At patch time, three important-severity EoP points, all titled “Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,” are identified to be underneath exploit within the wild, with 17 further CVEs extra more likely to be exploited within the subsequent 30 days by the corporate’s estimation. Two of this month’s points are amenable to detection by Sophos protections, and we embody info on these in a desk beneath.
Along with these patches, the discharge contains advisory info on Servicing Stack Updates, in addition to info on the month’s single Edge patch (there’s additionally an Web Explorer patch, as we’ll talk about beneath) and two points coated within the launch however already mitigated by Microsoft. We’re as at all times together with on the finish of this put up further appendices itemizing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product household; an appendix overlaying the advisory-style updates; and a breakout of the 130 patches affecting the varied Home windows Server platforms nonetheless in assist.
- Complete CVEs: 159
- Publicly disclosed: 3
- Exploit detected: 3
- Severity
- Crucial: 9
- Necessary: 150
- Influence
- Distant Code Execution: 58
- Elevation of Privilege: 40
- Data Disclosure: 22
- Denial of Service: 20
- Safety Function Bypass: 14
- Spoofing: 5
- CVSS base rating 9.0 or higher: 3
- CVSS base rating 8.0 or higher: 40
Determine 1: Although RCE continues to rule the roost, quite a lot of impacts are represented within the first patch haul of the yr
Merchandise
- Home windows: 132
- 365: 13
- Workplace: 13
- Visible Studio: 7
- .NET: 4
- Entry: 3
- SharePoint: 3
- Workplace for Mac: 2
- AutoUpdate for Mac: 1
- Excel: 1
- Outlook: 1
- On-Premises Knowledge Gateway: 1
- Energy Automate: 1
As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on.
Determine 2: All however two of January’s Home windows patches apply to the server-side OS. As for the remaining, Workplace for Mac will get a single patch all to iteself and shares one with different variations of Workplace
Notable January updates
Along with the problems mentioned above, a lot of particular gadgets benefit consideration.
CVE-2025-21298 — Home windows OLE Distant Code Execution Vulnerability
With a CVSS base rating of 9.8, this critical-severity situation is already attention-getting, but it surely’s much more thrilling than that. That is an RTF (Wealthy Textual content Format) situation, so although it have to be corrected in Home windows it applies to numerous merchandise, specifically e-mail. For the reason that flaw might be triggered in Preview Pane, an attacker deploying this vulnerability must do nothing greater than ship a malicious e-mail to the goal; even when the consumer doesn’t click on on something, merely viewing it’s adequate to set off RCE. Thankfully it’s not but believed to be underneath energetic exploit within the wild – the finders labored with The Zero-Day Initiative to convey it to Microsoft’s consideration – but it surely’s cheap to imagine the clock is ticking. As famous above, the corporate does certainly advocate that customers keep on with studying their e-mail in plaintext, and offers the directions for configuring particular person machines to take action in Outlook. Customers of different e-mail packages will want to take word and act accordingly.
CVE-2025-21311 — Home windows NTLM V1 Elevation of Privilege Vulnerability
One other 9.8 on CVSS’s scale, this one applies to Microsoft’s most up-to-date choices (Home windows 11 24H2, Server 2022 23H2, Server 2025) and is comparatively straightforward to mitigate by setting LmCompatibilityLevel to its most worth of 5, thus disallowing utilization of the MTLMv1 protocol. That’s good, as a result of the vulnerability is remotely exploitable, requires no explicit data of the goal system, and has a excessive success charge.
CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – all Microsoft Entry Distant Code Execution Vulnerability
Persevering with this month’s theme of “adjustments to e-mail performance that’ll make finish customers cranky,” the patches for these CVEs all block seven probably malicious extensions (.accda, .accdb, .accde, .accdr, accdt, .accdu, .accdw) from being despatched by way of e-mail. Microsoft states that the recipient will get a notification that there was an attachment however that it can’t be accessed. All three points are RCE geared toward RDP, and all three are already publicly identified.
CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – numerous titles
Eight of this month’s patches contain Digital Safe Mode parts, which implies that directors must comply with Microsoft’s steering for updating virtualization-based safety (VBS) points.
CVE-2025-21343 — Home windows Net Risk Protection Person Service Data Disclosure Vulnerability
An Necessary-severity information-disclosure situation, this oddity can, if exploited, enable the attacker to seize screenshots of one other consumer’s session. It’s likewise fairly particular in scope, affecting solely Home windows 11 22H2, 23H2, and 24H2. It was submitted to Microsoft by an unusual finder, the Australian Alerts Directorate.
CVE-2025-21326 — Web Explorer Distant Code Execution Vulnerability
Looks as if previous instances with a reputation like that, however this important-severity RCE impacts not the browser of yore however Home windows Server 2022 23H2 and Home windows Server 2025.
Determine 3: This spike on the proper edge? There we’re
Sophos protections
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
| CVE-2025-21299 | Exp/2521299-A | Exp/2521299-A |
| CVE-2025-21362 | sid:2310479 | sid:2310479 |
As you’ll be able to each month, should you don’t wish to wait on your system to tug down Microsoft’s updates itself, you’ll be able to obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe device to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace package deal on your particular system’s structure and construct quantity.
Appendix A: Vulnerability Influence and Severity
This can be a checklist of January patches sorted by affect, then sub-sorted by severity. Every checklist is additional organized by CVE.
Distant Code Execution (58 CVEs)
| Crucial severity | |
| CVE-2025-21178 | Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21294 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21295 | SPNEGO Prolonged Negotiation (NEGOEX) Safety Mechanism Distant Code Execution Vulnerability |
| CVE-2025-21296 | BranchCache Distant Code Execution Vulnerability |
| CVE-2025-21297 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21298 | Home windows OLE Distant Code Execution Vulnerability |
| CVE-2025-21307 | Home windows Dependable Multicast Transport Driver (RMCAST) Distant Code Execution Vulnerability |
| CVE-2025-21309 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2025-21171 | .NET Distant Code Execution Vulnerability |
| CVE-2025-21172 | .NET and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21176 | .NET, .NET Framework, and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21187 | Microsoft Energy Automate Distant Code Execution Vulnerability |
| CVE-2025-21223 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21224 | Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability |
| CVE-2025-21233 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21236 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21237 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21238 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21239 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21240 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21241 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21243 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21244 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21245 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21246 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21248 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21250 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21252 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21266 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21273 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21282 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21286 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21291 | Home windows Direct Present Distant Code Execution Vulnerability |
| CVE-2025-21302 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21303 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21305 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21306 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21326 | Web Explorer Distant Code Execution Vulnerability |
| CVE-2025-21338 | GDI+ Distant Code Execution Vulnerability |
| CVE-2025-21339 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21344 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21345 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21348 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21356 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21361 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21363 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21402 | Microsoft Workplace OneNote Distant Code Execution Vulnerability |
| CVE-2025-21409 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21411 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21413 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21417 | Home windows Telephony Service Distant Code Execution Vulnerability |
Elevation of Privilege (40 CVEs)
| Crucial severity | |
| CVE-2025-21311 | Home windows NTLM V1 Elevation of Privilege Vulnerability |
| Necessary severity | |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21202 | Home windows Restoration Setting Agent Elevation of Privilege Vulnerability |
| CVE-2025-21226 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21227 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21228 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21229 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21232 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21234 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21235 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21249 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21255 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21256 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21258 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21260 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21261 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21263 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21265 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21271 | Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-21275 | Home windows App Bundle Installer Elevation of Privilege Vulnerability |
| CVE-2025-21281 | Microsoft COM for Home windows Elevation of Privilege Vulnerability |
| CVE-2025-21287 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21292 | Home windows Search Service Elevation of Privilege Vulnerability |
| CVE-2025-21293 | Energetic Listing Area Providers Elevation of Privilege Vulnerability |
| CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-21310 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21324 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21327 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21331 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21333 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21334 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21335 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21341 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-21370 | Home windows Virtualization-Based mostly Safety (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21378 | Home windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2025-21382 | Home windows Graphics Part Elevation of Privilege Vulnerability |
| CVE-2025-21405 | Visible Studio Elevation of Privilege Vulnerability |
Data Disclosure (22 CVEs)
| Necessary severity | |
| CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL permits info disclosure by means of git-credential-manager |
| CVE-2025-21210 | Home windows BitLocker Data Disclosure Vulnerability |
| CVE-2025-21214 | Home windows BitLocker Data Disclosure Vulnerability |
| CVE-2025-21215 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21220 | Microsoft Message Queuing Data Disclosure Vulnerability |
| CVE-2025-21242 | Home windows Kerberos Data Disclosure Vulnerability |
| CVE-2025-21257 | Home windows WLAN AutoConfig Service Data Disclosure Vulnerability |
| CVE-2025-21272 | Home windows COM Server Data Disclosure Vulnerability |
| CVE-2025-21288 | Home windows COM Server Data Disclosure Vulnerability |
| CVE-2025-21301 | Home windows Geolocation Service Data Disclosure Vulnerability |
| CVE-2025-21312 | Home windows Good Card Reader Data Disclosure Vulnerability |
| CVE-2025-21316 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21317 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21318 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21319 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21320 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21321 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21323 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21336 | Home windows Cryptographic Data Disclosure Vulnerability |
| CVE-2025-21343 | Home windows Net Risk Protection Person Service Data Disclosure Vulnerability |
| CVE-2025-21374 | Home windows CSC Service Data Disclosure Vulnerability |
| CVE-2025-21403 | On-Premises Knowledge Gateway Data Disclosure Vulnerability |
Denial of Service (20 CVEs)
| Necessary severity | |
| CVE-2025-21207 | Home windows Linked Gadgets Platform Service (Cdpsvc) Denial of Service Vulnerability |
| CVE-2025-21218 | Home windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21225 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
| CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21274 | Home windows Occasion Tracing Denial of Service Vulnerability |
| CVE-2025-21276 | Home windows MapUrlToZone Denial of Service Vulnerability |
| CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21278 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21280 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21284 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21300 | Home windows upnphost.dll Denial of Service Vulnerability |
| CVE-2025-21313 | Home windows Safety Account Supervisor (SAM) Denial of Service Vulnerability |
| CVE-2025-21330 | Home windows Distant Desktop Providers Denial of Service Vulnerability |
| CVE-2025-21389 | Home windows upnphost.dll Denial of Service Vulnerability |
Safety Function Bypass (14 CVEs)
| Necessary severity | |
| CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Safe Boot Bypass |
| CVE-2025-21189 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21211 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21213 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21219 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21268 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21269 | Home windows HTML Platforms Safety Function Bypass Vulnerability |
| CVE-2025-21299 | Home windows Kerberos Safety Function Bypass Vulnerability |
| CVE-2025-21328 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21329 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21332 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21340 | Home windows Virtualization-Based mostly Safety (VBS) Safety Function Bypass Vulnerability |
| CVE-2025-21346 | Microsoft Workplace Safety Function Bypass Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
Spoofing (5 CVEs)
| Necessary severity | |
| CVE-2025-21193 | Energetic Listing Federation Server Spoofing Vulnerability |
| CVE-2025-21217 | Home windows Mark of the Net Spoofing Vulnerability |
| CVE-2025-21308 | Home windows Themes Spoofing Vulnerability |
| CVE-2025-21314 | Home windows SmartScreen Spoofing Vulnerability |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
Appendix B: Exploitability
This can be a checklist of the January CVEs judged by Microsoft to be both underneath exploitation within the wild or extra more likely to be exploited within the wild throughout the first 30 days post-release. The checklist is organized by CVE.
| Exploitation detected | |
| CVE-2025-21333 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21334 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21335 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Exploitation extra doubtless throughout the subsequent 30 days | |
| CVE-2025-21189 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21210 | Home windows BitLocker Data Disclosure Vulnerability |
| CVE-2025-21219 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21268 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21269 | Home windows HTML Platforms Safety Function Bypass Vulnerability |
| CVE-2025-21292 | Home windows Search Service Elevation of Privilege Vulnerability |
| CVE-2025-21298 | Home windows OLE Distant Code Execution Vulnerability |
| CVE-2025-21299 | Home windows Kerberos Safety Function Bypass Vulnerability |
| CVE-2025-21309 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21314 | Home windows SmartScreen Spoofing Vulnerability |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21328 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21329 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
Appendix C: Merchandise Affected
This can be a checklist of January’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which might be shared amongst a number of product households are listed a number of instances, as soon as for every product household. Points affecting Home windows Server are additional sorted in Appendix E. Please word that Workplace for Mac has a standalone entry for CVE-2025-21361, which impacts solely that platform.
Home windows (132 CVEs)
| Crucial severity | |
| CVE-2025-21294 | Microsoft Digest Authentication Distant Code Execution Vulnerability |
| CVE-2025-21295 | SPNEGO Prolonged Negotiation (NEGOEX) Safety Mechanism Distant Code Execution Vulnerability |
| CVE-2025-21296 | BranchCache Distant Code Execution Vulnerability |
| CVE-2025-21297 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21298 | Home windows OLE Distant Code Execution Vulnerability |
| CVE-2025-21307 | Home windows Dependable Multicast Transport Driver (RMCAST) Distant Code Execution Vulnerability |
| CVE-2025-21309 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-21311 | Home windows NTLM V1 Elevation of Privilege Vulnerability |
| Necessary severity | |
| CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Safe Boot Bypass |
| CVE-2025-21189 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21193 | Energetic Listing Federation Server Spoofing Vulnerability |
| CVE-2025-21202 | Home windows Restoration Setting Agent Elevation of Privilege Vulnerability |
| CVE-2025-21207 | Home windows Linked Gadgets Platform Service (Cdpsvc) Denial of Service Vulnerability |
| CVE-2025-21210 | Home windows BitLocker Data Disclosure Vulnerability |
| CVE-2025-21211 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21213 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21214 | Home windows BitLocker Data Disclosure Vulnerability |
| CVE-2025-21215 | Safe Boot Safety Function Bypass Vulnerability |
| CVE-2025-21217 | Home windows Mark of the Net Spoofing Vulnerability |
| CVE-2025-21218 | Home windows Kerberos Denial of Service Vulnerability |
| CVE-2025-21219 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21220 | Microsoft Message Queuing Data Disclosure Vulnerability |
| CVE-2025-21223 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21224 | Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability |
| CVE-2025-21225 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21226 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21227 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21228 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21229 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
| CVE-2025-21232 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21233 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21234 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21235 | Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21236 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21237 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21238 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21239 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21240 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21241 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21242 | Home windows Kerberos Data Disclosure Vulnerability |
| CVE-2025-21243 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21244 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21245 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21246 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21248 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21249 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21250 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21252 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21255 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21256 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21257 | Home windows WLAN AutoConfig Service Data Disclosure Vulnerability |
| CVE-2025-21258 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21260 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21261 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21263 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21265 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21266 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21268 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21269 | Home windows HTML Platforms Safety Function Bypass Vulnerability |
| CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21271 | Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-21272 | Home windows COM Server Data Disclosure Vulnerability |
| CVE-2025-21273 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21274 | Home windows Occasion Tracing Denial of Service Vulnerability |
| CVE-2025-21275 | Home windows App Bundle Installer Elevation of Privilege Vulnerability |
| CVE-2025-21276 | Home windows MapUrlToZone Denial of Service Vulnerability |
| CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21278 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-21280 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21281 | Microsoft COM for Home windows Elevation of Privilege Vulnerability |
| CVE-2025-21282 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21284 | Home windows Digital Trusted Platform Module Denial of Service Vulnerability |
| CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21286 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21287 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21288 | Home windows COM Server Data Disclosure Vulnerability |
| CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-21291 | Home windows Direct Present Distant Code Execution Vulnerability |
| CVE-2025-21292 | Home windows Search Service Elevation of Privilege Vulnerability |
| CVE-2025-21293 | Energetic Listing Area Providers Elevation of Privilege Vulnerability |
| CVE-2025-21299 | Home windows Kerberos Safety Function Bypass Vulnerability |
| CVE-2025-21300 | Home windows upnphost.dll Denial of Service Vulnerability |
| CVE-2025-21301 | Home windows Geolocation Service Data Disclosure Vulnerability |
| CVE-2025-21302 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21303 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-21305 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21306 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21308 | Home windows Themes Spoofing Vulnerability |
| CVE-2025-21310 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21312 | Home windows Good Card Reader Data Disclosure Vulnerability |
| CVE-2025-21313 | Home windows Safety Account Supervisor (SAM) Denial of Service Vulnerability |
| CVE-2025-21314 | Home windows SmartScreen Spoofing Vulnerability |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21316 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21317 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21318 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21319 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21320 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21321 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21323 | Home windows Kernel Reminiscence Data Disclosure Vulnerability |
| CVE-2025-21324 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21326 | Web Explorer Distant Code Execution Vulnerability |
| CVE-2025-21327 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21328 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21329 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21330 | Home windows Distant Desktop Providers Denial of Service Vulnerability |
| CVE-2025-21331 | Home windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-21332 | MapUrlToZone Safety Function Bypass Vulnerability |
| CVE-2025-21333 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21334 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21335 | Home windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2025-21336 | Home windows Cryptographic Data Disclosure Vulnerability |
| CVE-2025-21338 | GDI+ Distant Code Execution Vulnerability |
| CVE-2025-21339 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21340 | Home windows Virtualization-Based mostly Safety (VBS) Safety Function Bypass Vulnerability |
| CVE-2025-21341 | Home windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-21343 | Home windows Net Risk Protection Person Service Data Disclosure Vulnerability |
| CVE-2025-21370 | Home windows Virtualization-Based mostly Safety (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-21374 | Home windows CSC Service Data Disclosure Vulnerability |
| CVE-2025-21378 | Home windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2025-21382 | Home windows Graphics Part Elevation of Privilege Vulnerability |
| CVE-2025-21389 | Home windows upnphost.dll Denial of Service Vulnerability |
| CVE-2025-21409 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21411 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21413 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-21417 | Home windows Telephony Service Distant Code Execution Vulnerability |
365 (13 CVEs)
| Necessary severity | |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21345 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21346 | Microsoft Workplace Safety Function Bypass Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21356 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21363 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21402 | Microsoft Workplace OneNote Distant Code Execution Vulnerability |
Workplace (13 CVEs)
| Necessary severity | |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21338 | GDI+ Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21345 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21346 | Microsoft Workplace Safety Function Bypass Vulnerability |
| CVE-2025-21354 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-21356 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2025-21363 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-21364 | Microsoft Excel Safety Function Bypass Vulnerability |
| CVE-2025-21365 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
Visible Studio (7 CVEs)
| Crucial severity | |
| CVE-2025-21178 | Visible Studio Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL permits info disclosure by means of git-credential-manager |
| CVE-2025-21171 | .NET Distant Code Execution Vulnerability |
| CVE-2025-21172 | .NET and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21176 | .NET, .NET Framework, and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21405 | Visible Studio Elevation of Privilege Vulnerability |
.NET (4 CVEs)
| Necessary severity | |
| CVE-2025-21171 | .NET Distant Code Execution Vulnerability |
| CVE-2025-21172 | .NET and Visible Studio Distant Code Execution Vulnerability |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21176 | .NET, .NET Framework, and Visible Studio Distant Code Execution Vulnerability |
Entry (3 CVEs)
| Necessary severity | |
| CVE-2025-21186 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21366 | Microsoft Entry Distant Code Execution Vulnerability |
| CVE-2025-21395 | Microsoft Entry Distant Code Execution Vulnerability |
SharePoint (3 CVEs)
| Necessary severity | |
| CVE-2025-21344 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21348 | Microsoft SharePoint Server Distant Code Execution Vulnerability |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
Workplace for Mac (2 CVEs)
| Necessary severity | |
| CVE-2025-21338 | Microsoft Outlook Distant Code Execution Vulnerability |
| CVE-2025-21361 | GDI+ Distant Code Execution Vulnerability |
AutoUpdate for Mac (1 CVE)
| Necessary severity | |
| CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Excel (1 CVE)
| Necessary severity | |
| CVE-2025-21362 | Microsoft Excel Distant Code Execution Vulnerability |
Outlook (1 CVE)
| Necessary severity | |
| CVE-2025-21357 | Microsoft Outlook Distant Code Execution Vulnerability |
On-Premises Knowledge Gateway (1 CVE)
| Necessary severity | |
| CVE-2025-21403 | On-Premises Knowledge Gateway Data Disclosure Vulnerability |
Energy Automate (1 CVE)
| Necessary severity | |
| CVE-2025-21187 | Microsoft Energy Automate Distant Code Execution Vulnerability |
Appendix D: Advisories and Different Merchandise
This can be a checklist of advisories and knowledge on different related CVEs within the January launch. The problems addressed within the three CVEs have already been mitigated by Microsoft, however had been listed within the launch within the pursuits of transparency.
Microsoft info:
| CVE / identifier | Product | Title | ||
| ADV990001 | Newest Servicing Stack Updates | |||
| CVE-2025-21185 | Edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Elevation of Privilege | N/A |
| CVE-2025-21380 | Market SaaS | Azure Market SaaS Sources Data Disclosure Vulnerability | Data Disclosure | Crucial |
| CVE-2025-21385 | Purview | Microsoft Purview Data Disclosure Vulnerability | Data Disclosure | Crucial |
There aren’t any Adobe advisories on this month’s launch.
Appendix E: Affected Home windows Server variations
This can be a desk of CVEs within the January launch affecting 9 Home windows Server variations, 2008 by means of 2025. The desk differentiates amongst main variations of the platform however doesn’t go into deeper element (eg., Server Core). Crucial-severity points are marked in crimson; an “x” signifies that the CVE doesn’t apply to that model. Directors are inspired to make use of this appendix as a place to begin to determine their particular publicity, as every reader’s scenario, particularly because it considerations merchandise out of mainstream assist, will range. For particular Data Base numbers, please seek the advice of Microsoft.
| 2008 | 2008-R2 | 2012 | 2012-R2 | 2016 | 2019 | 2022 | 2022 23H2 | 2025 | |
| CVE-2024-7344 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21189 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21193 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21202 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21207 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21210 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21211 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21213 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21214 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21215 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21217 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21218 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21219 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21220 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21223 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21224 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21225 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21226 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21227 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21228 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21229 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21230 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21231 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21232 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21233 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21234 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21235 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21236 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21237 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21238 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21239 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21240 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21241 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21242 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21243 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21244 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21245 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21246 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21248 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21249 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21250 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21251 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21252 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21255 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21256 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21257 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21258 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21260 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21261 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21263 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21265 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21266 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21268 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21269 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21270 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21271 | × | × | × | × | × | ■ | ■ | × | × |
| CVE-2025-21272 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21273 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21274 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21275 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21276 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21277 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21278 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21280 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21281 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21282 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21284 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21285 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21286 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21287 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21288 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21289 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21290 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21291 | × | × | × | × | × | ■ | ■ | ■ | × |
| CVE-2025-21292 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21293 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21294 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21295 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21296 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21297 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21298 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21299 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21300 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21301 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21302 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21303 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21304 | × | × | × | × | ■ | ■ | × | × | × |
| CVE-2025-21305 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21306 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21307 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21308 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21309 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21310 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21311 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21312 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | × |
| CVE-2025-21313 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21314 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21315 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21316 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21317 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-21318 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21319 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21320 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21321 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21323 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21324 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21326 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21327 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21328 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21329 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21330 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21331 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | × |
| CVE-2025-21332 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21333 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21334 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21335 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21336 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21338 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21339 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21340 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21341 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21343 | × | × | × | × | × | × | × | × | × |
| CVE-2025-21370 | × | × | × | × | × | × | × | × | × |
| CVE-2025-21372 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-21374 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21378 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21382 | × | × | × | × | × | ■ | ■ | ■ | ■ |
| CVE-2025-21389 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21409 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21411 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21413 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21417 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
