Microsoft Patch Tuesday – September 2025

Today is Microsoft's Patch Tuesday for September 2025, with fixes for 86 vulnerabilities, including several remote code execution and privilege escalation issues. As always, make sure the systems on your networks are updated promptly.

Notable Patch Tuesday vulnerabilities for September

  • CVE-2025-55232: A flaw in Microsoft High Performance Compute Pack could allow attackers to execute code over a network without user interaction.
  • CVE-2025-54113: A heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) could enable code execution over the network. Exploitation requires tricking a user into connecting to a malicious server set up by the attacker.
  • CVE-2025-54897: A deserialization vulnerability in Microsoft Office SharePoint could allow an authorized attacker to execute code.
  • CVE-2025-55227: Improper neutralization of special elements could let an attacker inject SQL code and elevate privileges.
  • CVE-2025-55234: A vulnerability in Windows SMB could enable relay attacks, compromising user accounts.

For more detailed information on these and other vulnerabilities, please refer to the release notes.

About the Author

Marcus White, Cybersecurity Specialist, Outpost24

Marcus is an Outpost24 cybersecurity specialist based in the UK, with 8+ years of experience in the tech and cyber sectors. He writes about attack surface management, application security, threat intelligence, and compliance.