Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.
This Patch Tuesday also fixes nine “Critical” vulnerabilities, five of which are remote code execution vulnerabilities, 1 is information disclosure, and 2 are elevation of privileges.
The number of bugs in each vulnerability category is listed below:
- 41 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 22 Remote Code Execution Vulnerabilities
- 16 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerabilities
When GeekFeed reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday.
Therefore, the number of flaws does not include three Azure, one Dynamics 365 FastTrack Implementation Assets, two Mariner, five Microsoft Edge, and 1 Xbox vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5065426 & KB5065431 cumulative updates and the Windows 10 KB5065429 update.
Two publicly disclosed zero-days fixed
This month’s Patch Tuesday fixes two publicly disclosed zero-day flaws in Windows SMB Server and Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The two publicly disclosed zero-days are:
CVE-2025-55234 – Windows SMB Elevation of Privilege Vulnerability
Microsoft fixed an elevation of privileges flaw in SMB Server that is exploited through relay attacks.
“SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks,” explains Microsoft.
Microsoft says that Windows already includes settings to harden the SMB Server against relay attacks, including enabling SMB Server Signing and SMB Server Extended Protection for Authentication (EPA).
However, enabling these features could cause compatibility issues with older devices and implementations.
Microsoft recommends that admins enable auditing on SMB servers to determine if they will encounter any issues when those hardening features are fully enforced.
“As part of the Windows updates released on and after September 9, 2025 (CVE-2025-55234), support is enabled for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA,” explains Microsoft.
Microsoft has not attributed the flaw to any researchers, and it is unclear where it was disclosed.
CVE-2024-21907 – VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
Microsoft has fixed a previously known vulnerability in Newtonsoft.Json that is included as part of Microsoft SQL Server.
“CVE-2024-21907 addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1,” explains Microsoft.
“Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.”
“The documented SQL Server updates incorporate updates in Newtonsoft.Json which address this vulnerability.”
This flaw was publicly disclosed in 2024.
Recent updates from other companies
Other vendors who released updates or advisories in September 2025 include:
- Adobe released security updates for a “SessionReaper” flaw impacting Magento eCommerce stores.
- Argo fixed an Argo CD vulnerability that allows low-privileged API tokens to access API endpoints and retrieve all repository credentials associated with the project.
- Cisco released patches for WebEx, Cisco ASA, and other products.
- Google released the September Android security updates that address a total of 84 vulnerabilities, including two actively exploited flaws.
- SAP released the September security updates for multiple products, including a fix for a maximum severity command execution bug in Netweaver.
- Sitecore released security updates for a zero day vulnerability tracked as CVE-2025-53690 that was actively exploited in attacks.
- TP-Link confirmed a new zero-day exists in some of its routers, with the company exploring its exploitability and is creating patches for US customers.
The September 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the September 2025 Patch Tuesday updates.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure – Networking | CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | Critical |
| Azure Arc | CVE-2025-55316 | Azure Arc Elevation of Privilege Vulnerability | Important |
| Azure Bot Service | CVE-2025-55244 | Azure Bot Service Elevation of Privilege Vulnerability | Critical |
| Azure Entra | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability | Critical |
| Azure Windows Virtual Machine Agent | CVE-2025-49692 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Capability Access Management Service (camsvc) | CVE-2025-54108 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important |
| Dynamics 365 FastTrack Implementation Assets | CVE-2025-55238 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | Critical |
| Graphics Kernel | CVE-2025-55236 | Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Graphics Kernel | CVE-2025-55223 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Graphics Kernel | CVE-2025-55226 | Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Microsoft AutoUpdate (MAU) | CVE-2025-55317 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-54105 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-9866 | Chromium: CVE-2025-9866 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-9867 | Chromium: CVE-2025-9867 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-53791 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2025-9864 | Chromium: CVE-2025-9864 Use after free in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-9865 | Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar | Unknown |
| Microsoft Graphics Component | CVE-2025-53807 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-53800 | Windows Graphics Component Elevation of Privilege Vulnerability | Critical |
| Microsoft High Performance Compute Pack (HPC) | CVE-2025-55232 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-54910 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-55243 | Microsoft OfficePlus Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2025-54906 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54902 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54899 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54904 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54903 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54898 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54896 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54900 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54901 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-54908 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-54897 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2025-54907 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-54905 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Virtual Hard Drive | CVE-2025-54112 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54092 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54091 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54115 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54098 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-47997 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-55227 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-21907 | VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json | Unknown |
| Windows Ancillary Function Driver for WinSock | CVE-2025-54099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-54911 | Windows BitLocker Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-54912 | Windows BitLocker Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth Service | CVE-2025-53802 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-54102 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-54114 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-53810 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-53808 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54094 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54915 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54109 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54104 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows DWM | CVE-2025-53801 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Imaging Component | CVE-2025-53799 | Windows Imaging Component Information Disclosure Vulnerability | Critical |
| Windows Internet Information Services | CVE-2025-53805 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2025-53803 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-53804 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-54110 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-54894 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53809 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Management Services | CVE-2025-54103 | Windows Management Service Elevation of Privilege Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-54107 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-54917 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MultiPoint Services | CVE-2025-54116 | Windows MultiPoint Services Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2025-54916 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | Critical |
| Windows PowerShell | CVE-2025-49734 | PowerShell Direct Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54095 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54096 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53797 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53796 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54097 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53798 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54113 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-55225 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53806 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability | Important |
| Windows SMBv3 Client | CVE-2025-54101 | Windows SMB Client Remote Code Execution Vulnerability | Important |
| Windows SPNEGO Extended Negotiation | CVE-2025-54895 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2025-54093 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important |
| Windows UI XAML Maps MapControlSettings | CVE-2025-54913 | Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability | Important |
| Windows UI XAML Phone DatePickerFlyout | CVE-2025-54111 | Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-55224 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | CVE-2025-55228 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | CVE-2025-54919 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Xbox | CVE-2025-55242 | Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability | Critical |
| XBox Gaming Services | CVE-2025-55245 | Xbox Gaming Services Elevation of Privilege Vulnerability | Important |
