Microsoft Security Bulletin Coverage for September 2025

by Security News

Overview

Microsoft’s September 2025 Patch Tuesday addresses 81 vulnerabilities, of which 38 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed Microsoft’s security advisories for September 2025 and has produced coverage for seven of the reported vulnerabilities.

Vulnerabilities with Detections

CVE | CVE Title | Signature
CVE-2025-53803 | Windows Kernel Memory Information Disclosure Vulnerability | ASPY 7116 Malformed-ps1 ps1.MP_2
CVE-2025-53804 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | ASPY 7117 Malformed-ps1 ps1.MP_3
CVE-2025-54093 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | ASPY 7118 Exploit-exe exe.MP_463
CVE-2025-54098 | Windows Hyper-V Elevation of Privilege Vulnerability | ASPY 7119 Exploit-exe exe.MP_464
CVE-2025-54110 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 649 Exploit-exe exe.MP_465
CVE-2025-54916 | Windows NTFS Remote Code Execution Vulnerability | ASPY 650 Exploit-exe exe.MP_466
CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | ASPY 4602 Windows NTLM Privilege Escalation (CVE-2025-54918)

Release Breakdown

The vulnerabilities can be classified into the following categories:

[Image: Sep_impact_1.png]

[Image: Sep_severity_2.png]

For September, there are 10 critical and 71 important vulnerabilities. 

 

[Image: Sep_Vul_count_3.png]

[Image: Sep_expl_dis_4.png]

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been publicly disclosed before each month's Patch Tuesday release. The above chart displays these metrics as seen each month.

 

[Image: Sep_assesment_5.png]

Release Detailed Breakdown

Denial of Service Vulnerabilities 
CVE CVE Title 
CVE-2025-53805 HTTP.sys Denial of Service Vulnerability 
CVE-2025-53809 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability 
CVE-2025-54114 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

Elevation of Privilege Vulnerabilities
CVE CVE Title 
CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability 
CVE-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability 
CVE-2025-53800 Windows Graphics Component Elevation of Privilege Vulnerability 
CVE-2025-53801 Microsoft DWM Core Library Elevation of Privilege Vulnerability 
CVE-2025-53802 Windows Bluetooth Service Elevation of Privilege Vulnerability 
CVE-2025-53807 Windows Graphics Component Elevation of Privilege Vulnerability 
CVE-2025-53808 Windows Defender Firewall Service Elevation of Privilege Vulnerability 
CVE-2025-53810 Windows Defender Firewall Service Elevation of Privilege Vulnerability 
CVE-2025-54091 Windows Hyper-V Elevation of Privilege Vulnerability 
CVE-2025-54092 Windows Hyper-V Elevation of Privilege Vulnerability 
CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability 
CVE-2025-54094 Windows Defender Firewall Service Elevation of Privilege Vulnerability 
CVE-2025-54098 Windows Hyper-V Elevation of Privilege Vulnerability 
CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 
CVE-2025-54102 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability 
CVE-2025-54103 Windows Management Service Elevation of Privilege Vulnerability 
CVE-2025-54104 Windows Defender Firewall Service Elevation of Privilege Vulnerability 
CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability 
CVE-2025-54108 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability 
CVE-2025-54109 Windows Defender Firewall Service Elevation of Privilege Vulnerability 
CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability 
CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability 
CVE-2025-54112 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability 
CVE-2025-54115 Windows Hyper-V Elevation of Privilege Vulnerability 
CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability 
CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability 
CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability 
CVE-2025-54911 Windows BitLocker Elevation of Privilege Vulnerability 
CVE-2025-54912 Windows BitLocker Elevation of Privilege Vulnerability 
CVE-2025-54913 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability 
CVE-2025-54915 Windows Defender Firewall Service Elevation of Privilege Vulnerability 
CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability 
CVE-2025-55223 DirectX Graphics Kernel Elevation of Privilege Vulnerability 
CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability 
CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability 
CVE-2025-55245 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability 
CVE-2025-55316 Azure Arc Elevation of Privilege Vulnerability 
CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities
CVE CVE Title 
CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability 
CVE-2025-47997 Microsoft SQL Server Information Disclosure Vulnerability 
CVE-2025-53796 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-53797 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-53798 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-53799 Windows Imaging Component Information Disclosure Vulnerability 
CVE-2025-53803 Windows Kernel Memory Information Disclosure Vulnerability 
CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability 
CVE-2025-53806 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-54095 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-54096 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-54097 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability 
CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability 
CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability 
CVE-2025-55225 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Remote Code Execution Vulnerabilities
CVE CVE Title 
CVE-2025-54101 Windows SMB Client Remote Code Execution Vulnerability 
CVE-2025-54106 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 
CVE-2025-54113 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 
CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54897 Microsoft SharePoint Remote Code Execution Vulnerability 
CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability 
CVE-2025-54907 Microsoft Office Visio Remote Code Execution Vulnerability 
CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability 
CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability 
CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability 
CVE-2025-54919 Windows Graphics Component Remote Code Execution Vulnerability 
CVE-2025-55224 Windows Hyper-V Remote Code Execution Vulnerability 
CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability 
CVE-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability 
CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability 
CVE-2025-55236 Graphics Kernel Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities
CVE CVE Title 
CVE-2025-54107 MapUrlToZone Security Feature Bypass Vulnerability 
CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability

Spoofing Vulnerability
CVE CVE Title 
CVE-2025-55243 Microsoft OfficePlus Spoofing Vulnerability 

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
