CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2025-21375: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability

CVE-2025-21383: Microsoft Excel Information Disclosure Vulnerability

CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability

**According to the CVSS metric, Integrity (I:L) is Low. What does that mean for this vulnerability?**

An attacker's message can inherit the sender's email address from another message in the UI. The attacker cannot control which message it inherits from. This issue occurs exclusively for messages in the Junk folder, as it is the only folder where the app displays the sender's email address. The attacker cannot affect confidentiality or availability.

Headline

CVE-2025-21259: Microsoft Outlook Spoofing Vulnerability

Microsoft Security Response Center: Latest News