Microsoft Security Bulletin Coverage for November 2025

by Security News

Overview

Microsoft’s November 2025 Patch Tuesday has 63 vulnerabilities, of which 29 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2025 and has produced coverage for 5 of the reported vulnerabilities.

Vulnerabilities with Detections

CVE | CVE Title | Signature
CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | ASPY 7144 Malformed-reg reg.MP_1
CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability | IPS 21637 Windows Client-Side Caching Privilege Escalation (CVE-2025-60705)
CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ASPY 7145 Exploit-exe exe.MP_477
CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ASPY 658 Exploit-exe exe.MP_479
CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 657 Exploit-exe exe.MP_478

Release Breakdown

The vulnerabilities can be classified into the following categories:

[Figure: Nov_2025_chart_impact_1.png]

[Figure: Nov_2025_chart_severity_2.png]

For November, there are 5 critical and 58 important vulnerabilities.

[Figure: Nov_2025_Vul_count_3.png]

[Figure: Nov_2025_chart_expl_dis_4.png]

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

[Figure: Nov_2025_chart_expl_assesment_5.png]

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVE | CVE Title
CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability
CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability

Elevation of Privilege Vulnerabilities

CVE | CVE Title
CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability
CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability
CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability
CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability
CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability
CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability
CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability
CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities

CVE | CVE Title
CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability
CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability
CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability
CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability
CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability
CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability
CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability
CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability
CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability

Remote Code Execution Vulnerabilities

CVE | CVE Title
CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability
CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability
CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability
CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability
CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities

CVE | CVE Title
CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Spoofing Vulnerabilities

CVE | CVE Title
CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability
