CVE-2025-24036: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE-2023-32002: HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability

CVE-2025-21259: Microsoft Outlook Spoofing Vulnerability

CVE-2025-24039: Visual Studio Code Elevation of Privilege Vulnerability

CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?**

An authorized attacker with standard user privileges could place a malicious file on the machine running Visual Studio Code and then wait for the privileged victim to use certain JavaScript debugger functionality.

Headline

CVE-2025-24042: Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News