In the latest round of security updates released on September 2025, Microsoft has addressed three significant vulnerabilities within the Windows kernel, among a total of 86 Common Vulnerabilities and Exposures (CVEs). This month’s Patch Tuesday updates also encompass eight high-risk vulnerabilities, alongside five non-Microsoft flaws affecting Chromium-based Edge and SQL Server.
Windows Kernel Vulnerabilities
Among the vulnerabilities, CVE-2025-54110 stands out with a severity rating of 8.8 under the Common Vulnerability Scoring System (CVSS) 3.1. This particular Elevation of Privilege vulnerability has been flagged by Microsoft as having a higher likelihood of exploitation. It involves an integer overflow or wraparound issue (CWE-190) within the Windows kernel, which could enable an authorized attacker to escalate privileges locally. By sending specially crafted input from a sandboxed user-mode process, an attacker could trigger a buffer overflow in the kernel, potentially gaining SYSTEM privileges. The discovery of this vulnerability is credited to an anonymous researcher on Mastodon.
Additionally, Microsoft has identified two other vulnerabilities within the Windows kernel, both rated at 5.5, which are also considered to be at heightened risk of exploitation:
- CVE-2025-53804: This information disclosure vulnerability in a Windows kernel-mode driver could allow the exposure of specific memory addresses within kernel space. Such knowledge could be leveraged by an attacker for further malicious activities. This vulnerability was reported by Lewis Lee.
- CVE-2025-53803: Also credited to Lewis Lee and three other researchers, this vulnerability allows for the disclosure of memory addresses through error messages that contain sensitive information.
Patch Tuesday September 2025: Other High-risk Vulnerabilities
Among the other high-risk vulnerabilities addressed this month, CVE-2025-54918 is noteworthy. This Windows NTLM Elevation of Privilege vulnerability, rated at 8.8, is remotely exploitable and presents low complexity for potential attackers. It arises from improper authentication in Windows NTLM, allowing an authorized user to elevate privileges over a network. Brian De Houwer of Crimson7 is credited with this discovery.
Another critical vulnerability, CVE-2025-55234, is an 8.8-severity Windows SMB Elevation of Privilege/Improper Authentication issue. Depending on the configuration, the SMB Server may be vulnerable to relay attacks, prompting Microsoft to recommend enabling hardening measures for SMB Server.
Additional high-risk vulnerabilities included in the September 2025 updates are:
- CVE-2025-54916, a 7.8-rated Windows NTFS Remote Code Execution vulnerability
- CVE-2025-54098, a 7.8-severity Windows Hyper-V Elevation of Privilege vulnerability
- CVE-2025-54093, a 7.0-rated Windows TCP/IP Driver Elevation of Privilege vulnerability
In addition to Microsoft’s updates, other IT vendors such as Adobe, SAP, and Ivanti have also rolled out critical updates today, underscoring the ongoing importance of cybersecurity across the industry.
