| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7. |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0. |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaChat Messenger Marketing: from n/a through <= 1.1. |
| Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release. |
| Azure Bot Service Elevation of Privilege Vulnerability |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability |
| Azure Networking Elevation of Privilege Vulnerability |
| Azure Entra ID Elevation of Privilege Vulnerability |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. |
| SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.
The SMB Server already supports mechanisms for hardening against relay attacks:
SMB Server signing
SMB Server Extended Protection for Authentication (EPA)
Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.
If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA.
Adopt appropriate SMB Server hardening measures. |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. |
| Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. |
| Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. |
