Microsoft has released its September 2025 Patch Tuesday security updates, addressing a total of 81 vulnerabilities, including two publicly disclosed zero-day flaws. The updates also include fixes for nine critical vulnerabilities, encompassing remote code execution, information disclosure, and elevation of privilege issues.

The vulnerabilities fixed in this Patch Tuesday are categorized as follows:

  • 41 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 22 Remote Code Execution Vulnerabilities
  • 16 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

It’s important to note that the count of 81 vulnerabilities includes only those released on Patch Tuesday. It does not encompass the three Azure, one Dynamics 365 FastTrack Implementation Assets, two Mariner, five Microsoft Edge, and one Xbox vulnerabilities that were addressed earlier in September.

This month’s Patch Tuesday addresses two publicly disclosed zero-day vulnerabilities:

  • CVE-2025-55234 – Windows SMB Elevation of Privilege Vulnerability: This flaw in SMB Server can be exploited through relay attacks, allowing attackers to elevate their privileges. Microsoft explains that “SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.” Windows already includes settings that mitigate this, namely SMB Server Signing and SMB Server Extended Protection for Authentication (EPA). However, Microsoft acknowledges that enabling these features could cause compatibility issues with older devices. Administrators are advised to enable auditing on SMB servers to identify incompatible clients before fully enforcing these hardening features. “As part of the Windows updates released on and after September 9, 2025 (CVE-2025-55234), support is enabled for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA,” Microsoft stated. Microsoft has not credited a researcher for this vulnerability.
  • CVE-2024-21907 – VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json: This vulnerability affects the Newtonsoft.Json library shipped with Microsoft SQL Server and stems from mishandled exceptional conditions. Microsoft states, “CVE-2024-21907 addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.” The SQL Server updates include an updated Newtonsoft.Json to address this issue, which was publicly disclosed in 2024.
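The audit-before-enforce workflow Microsoft recommends for SMB signing and EPA can be scripted. The following PowerShell is an added example written for this page, not Microsoft's or the article's code: it reads the current SMB server hardening state, summarizes recent events from the SMB server audit log so incompatible clients can be reviewed, and only when run with -Enforce requires signing and turns on SPN target-name validation. It assumes an elevated session on a Windows SMB server with the SmbShare module, that the Microsoft-Windows-SMBServer/Audit log is where audit events land, and that the SmbServerNameHardeningLevel setting (the EPA control) exists only on newer builds; the specific cmdlet switches that enable the new compatibility auditing are not named on the page and are therefore not assumed here.

```powershell
# Added example (not from the article or Microsoft): review SMB server hardening
# state and the SMB server audit log before enforcing signing/EPA.
# Assumptions: run elevated on a Windows SMB server with the SmbShare module;
# Microsoft-Windows-SMBServer/Audit holds SMB server audit events;
# SmbServerNameHardeningLevel (EPA / SPN validation) exists only on newer builds.
[CmdletBinding()]
param(
    [switch]$Enforce,          # change settings only when explicitly asked
    [int]$LookbackDays = 14    # how much audit history to review first
)

function Get-SmbHardeningState {
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        RequireSecuritySignature = $cfg.RequireSecuritySignature
        EnableSecuritySignature  = $cfg.EnableSecuritySignature
        EncryptData              = $cfg.EncryptData
        # Property is absent on older builds; $null means "not supported here".
        NameHardeningLevel       = $cfg.PSObject.Properties['SmbServerNameHardeningLevel'].Value
    }
}

function Get-SmbAuditSummary {
    param([int]$Days)
    $since = (Get-Date).AddDays(-$Days)
    # Group recent audit events by event ID so recurring client issues show up as counts.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        StartTime = $since
    } -ErrorAction SilentlyContinue |
        Group-Object Id |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count,
                      @{ n = 'Sample';  e = { ($_.Group | Select-Object -First 1).Message.Split("`n")[0] } }
}

$state = Get-SmbHardeningState
Write-Host 'Current SMB server state:'
$state | Format-List

$audit = Get-SmbAuditSummary -Days $LookbackDays
if (-not $audit) {
    Write-Host "No SMB server audit events in the last $LookbackDays days."
} else {
    Write-Host "SMB server audit events (last $LookbackDays days):"
    $audit | Format-Table -AutoSize
}

if ($Enforce) {
    # Require signing only after the audit window shows no legacy clients you still need.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    if ($null -ne $state.NameHardeningLevel) {
        # Assumed meanings: 0 = Off, 1 = Accept, 2 = Required (SPN validation enforced).
        Set-SmbServerConfiguration -SmbServerNameHardeningLevel 2 -Force
    }
    Write-Host 'Enforcement applied; re-run without -Enforce to confirm the new state.'
} else {
    Write-Host 'Review mode only. Re-run with -Enforce after validating the audit results.'
}
```

Run it without switches first on each file server, repeat the review for a full audit window, and only then enforce; leaving `EncryptData` in the report is deliberate, since SMB encryption also implies signing and may already cover part of the estate.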

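The Newtonsoft.Json issue above is the classic unbounded-recursion pattern: a recursive deserializer is handed input nested deeper than the stack can hold. The fix in Newtonsoft.Json 13.0.1 bounds recursion with `JsonSerializerSettings.MaxDepth` (default 64). The PowerShell below is an added example for this page, not code from Microsoft, Newtonsoft.Json or the article: it implements the same idea as a standalone pre-check that scans untrusted JSON text and rejects it once nesting exceeds a limit, without ever handing the document to a recursive parser. The function name and the sample inputs are constructed for the illustration.

```powershell
# Added example (not from the article, Microsoft or Newtonsoft.Json): reject
# pathologically nested JSON before it reaches a recursive deserializer.
# Newtonsoft.Json 13.0.1 does the equivalent internally via
# JsonSerializerSettings.MaxDepth (default 64); this is an independent pre-check
# for documents arriving from untrusted callers.
function Test-JsonNestingDepth {
    param(
        [Parameter(Mandatory)][string]$Json,
        [int]$MaxDepth = 64
    )
    $depth    = 0
    $inString = $false
    $escaped  = $false
    foreach ($ch in $Json.ToCharArray()) {
        if ($inString) {
            # Brackets inside string literals do not change nesting; honour escapes.
            if ($escaped)        { $escaped = $false }
            elseif ($ch -eq '\') { $escaped = $true }
            elseif ($ch -eq '"') { $inString = $false }
            continue
        }
        switch ($ch) {
            '"' { $inString = $true }
            '[' { $depth++ }
            '{' { $depth++ }
            ']' { $depth-- }
            '}' { $depth-- }
        }
        if ($depth -gt $MaxDepth) {
            # Stop at the first violation: no need to read the rest of a hostile payload.
            return [pscustomobject]@{ Accepted = $false; Depth = $depth; Reason = "nesting exceeds $MaxDepth" }
        }
    }
    [pscustomobject]@{ Accepted = $true; Depth = $depth; Reason = 'ok' }
}

# Constructed inputs: a normal document (with brackets inside a string, which
# must not count) and a 100,000-level nested array of the kind that exhausts
# a recursive parser's stack.
$benign    = '{"user":"alice","roles":["admin","[not-a-bracket]"],"meta":{"a":{"b":[1,2,3]}}}'
$malicious = ('[' * 100000) + (']' * 100000)

Test-JsonNestingDepth -Json $benign
Test-JsonNestingDepth -Json $malicious
```

The benign document is accepted with a final depth of 0; the nested array is rejected as soon as the 65th opening bracket is seen, long before any deserializer would recurse. Placing the check in front of `JsonConvert.DeserializeObject` (or any other recursive parser) turns a process-crashing stack overflow into an ordinary rejected request that can be logged and rate-limited.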
Several other vendors have also released security updates and advisories in September 2025:

  • Adobe: Released security updates for a “SessionReaper” flaw impacting Magento eCommerce stores.
  • Argo: Fixed an Argo CD vulnerability enabling low-privileged API tokens to access API endpoints and retrieve all repository credentials associated with the project.
  • Cisco: Released patches for WebEx, Cisco ASA, and other products.
  • Google: Released the September Android security updates addressing 84 vulnerabilities, including two actively exploited flaws.
  • SAP: Released September security updates for multiple products, including a fix for a maximum severity command execution bug in Netweaver.
  • Sitecore: Released security updates for a zero-day vulnerability tracked as CVE-2025-53690 that was actively exploited in attacks.
  • TP-Link: Confirmed a new zero-day exists in some of its routers, with the company exploring its exploitability and creating patches for US customers.

The following is a comprehensive list of the resolved vulnerabilities in the Microsoft September 2025 Patch Tuesday updates:

  • Azure – Networking | CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | Critical
  • Azure Arc | CVE-2025-55316 | Azure Arc Elevation of Privilege Vulnerability | Important
  • Azure Bot Service | CVE-2025-55244 | Azure Bot Service Elevation of Privilege Vulnerability | Critical
  • Azure Entra | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability | Critical
  • Azure Windows Virtual Machine Agent | CVE-2025-49692 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important
  • Capability Access Management Service (camsvc) | CVE-2025-54108 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important
  • Dynamics 365 FastTrack Implementation Assets | CVE-2025-55238 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | Critical
  • Graphics Kernel | CVE-2025-55236 | Graphics Kernel Remote Code Execution Vulnerability | Critical
  • Graphics Kernel | CVE-2025-55223 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important
  • Graphics Kernel | CVE-2025-55226 | Graphics Kernel Remote Code Execution Vulnerability | Critical
  • Microsoft AutoUpdate (MAU) | CVE-2025-55317 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important
  • Microsoft Brokering File System | CVE-2025-54105 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important
  • Microsoft Edge (Chromium-based) | CVE-2025-9866 | Chromium: CVE-2025-9866 Inappropriate implementation in Extensions | Unknown
  • Microsoft Edge (Chromium-based) | CVE-2025-9867 | Chromium: CVE-2025-9867 Inappropriate implementation in Downloads | Unknown
  • Microsoft Edge (Chromium-based) | CVE-2025-53791 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate
  • Microsoft Edge (Chromium-based) | CVE-2025-9864 | Chromium: CVE-2025-9864 Use after free in V8 | Unknown
  • Microsoft Edge (Chromium-based) | CVE-2025-9865 | Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar | Unknown
  • Microsoft Graphics Component | CVE-2025-53807 | Windows Graphics Component Elevation of Privilege Vulnerability | Important
  • Microsoft Graphics Component | CVE-2025-53800 | Windows Graphics Component Elevation of Privilege Vulnerability | Critical
  • Microsoft High Performance Compute Pack (HPC) | CVE-2025-55232 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important
  • Microsoft Office | CVE-2025-54910 | Microsoft Office Remote Code Execution Vulnerability | Critical
  • Microsoft Office | CVE-2025-55243 | Microsoft OfficePlus Spoofing Vulnerability | Important
  • Microsoft Office | CVE-2025-54906 | Microsoft Office Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54902 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54899 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54904 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54903 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54898 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54896 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54900 | Microsoft Excel Remote Code Execution Vulnerability | Important
  • Microsoft Office Excel | CVE-2025-54901 | Microsoft Excel Information Disclosure Vulnerability | Important
  • Microsoft Office PowerPoint | CVE-2025-54908 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important
  • Microsoft Office SharePoint | CVE-2025-54897 | Microsoft SharePoint Remote Code Execution Vulnerability | Important
  • Microsoft Office Visio | CVE-2025-54907 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
  • Microsoft Office Word | CVE-2025-54905 | Microsoft Word Information Disclosure Vulnerability | Important
  • Microsoft Virtual Hard Drive | CVE-2025-54112 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important
  • Role: Windows Hyper-V | CVE-2025-54092 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
  • Role: Windows Hyper-V | CVE-2025-54091 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
  • Role: Windows Hyper-V | CVE-2025-54115 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
  • Role: Windows Hyper-V | CVE-2025-54098 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
  • SQL Server | CVE-2025-47997 | Microsoft SQL Server Information Disclosure Vulnerability | Important
  • SQL Server | CVE-2025-55227 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important
  • SQL Server | CVE-2024-21907 | VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json | Unknown
  • Windows Ancillary Function Driver for WinSock | CVE-2025-54099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important
  • Windows BitLocker | CVE-2025-54911 | Windows BitLocker Elevation of Privilege Vulnerability | Important
  • Windows BitLocker | CVE-2025-54912 | Windows BitLocker Elevation of Privilege Vulnerability | Important
  • Windows Bluetooth Service | CVE-2025-53802 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important
  • Windows Connected Devices Platform Service | CVE-2025-54102 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important
  • Windows Connected Devices Platform Service | CVE-2025-54114 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Important
  • Windows Defender Firewall Service | CVE-2025-53810 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
  • Windows Defender Firewall Service | CVE-2025-53808 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
  • Windows Defender Firewall Service | CVE-2025-54094 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
  • Windows Defender Firewall Service | CVE-2025-54915 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
  • Windows Defender Firewall Service | CVE-2025-54109 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
  • Windows Defender Firewall Service | CVE-2025-54104 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
  • Windows DWM | CVE-2025-53801 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important
  • Windows Imaging Component | CVE-2025-53799 | Windows Imaging Component Information Disclosure Vulnerability | Critical
  • Windows Internet Information Services | CVE-2025-53805 | HTTP.sys Denial of Service Vulnerability | Important
  • Windows Kernel | CVE-2025-53803 | Windows Kernel Memory Information Disclosure Vulnerability | Important
  • Windows Kernel | CVE-2025-53804 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important
  • Windows Kernel | CVE-2025-54110 | Windows Kernel Elevation of Privilege Vulnerability | Important
  • Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-54894 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important
  • Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53809 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important
  • Windows Management Services | CVE-2025-54103 | Windows Management Service Elevation of Privilege Vulnerability | Important
  • Windows MapUrlToZone | CVE-2025-54107 | MapUrlToZone Security Feature Bypass Vulnerability | Important
  • Windows MapUrlToZone | CVE-2025-54917 | MapUrlToZone Security Feature Bypass Vulnerability | Important
  • Windows MultiPoint Services | CVE-2025-54116 | Windows MultiPoint Services Elevation of Privilege Vulnerability | Important
  • Windows NTFS | CVE-2025-54916 | Windows NTFS Remote Code Execution Vulnerability | Important
  • Windows NTLM | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | Critical
  • Windows PowerShell | CVE-2025-49734 | PowerShell Direct Elevation of Privilege Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-54095 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-54096 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-53797 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-53796 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-54097 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-53798 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-54113 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-55225 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows Routing and Remote Access Service (RRAS) | CVE-2025-53806 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
  • Windows SMB | CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability | Important
  • Windows SMBv3 Client | CVE-2025-54101 | Windows SMB Client Remote Code Execution Vulnerability | Important
  • Windows SPNEGO Extended Negotiation | CVE-2025-54895 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability | Important
  • Windows TCP/IP | CVE-2025-54093 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important
  • Windows UI XAML Maps MapControlSettings | CVE-2025-54913 | Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability | Important
  • Windows UI XAML Phone DatePickerFlyout | CVE-2025-54111 | Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability | Important
  • Windows Win32K – GRFX | CVE-2025-55224 | Windows Hyper-V Remote Code Execution Vulnerability | Critical
  • Windows Win32K – GRFX | CVE-2025-55228 | Windows Graphics Component Remote Code Execution Vulnerability | Critical
  • Windows Win32K – GRFX | CVE-2025-54919 | Windows Graphics Component Remote Code Execution Vulnerability | Important
  • Xbox | CVE-2025-55242 | Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability | Critical
  • XBox Gaming Services | CVE-2025-55245 | Xbox Gaming Services Elevation of Privilege Vulnerability | Important