Three high-risk Windows kernel flaws were among the fixes included in Microsoft’s September 2025 Patch Tuesday updates released today.
In all, the Patch Tuesday September 2025 updates included fixes for 86 Microsoft CVEs – eight of which are considered high risk – and five non-Microsoft flaws in Chromium-based Edge and SQL Server (CVE-2024-21907 in Newtonsoft.Json).
The highest rated vulnerabilities patched this month are rated 8.8 under CVSS 3.1, and three of those – in the Windows kernel, NTLM and SMB – are considered at higher risk for exploitation.
Windows Kernel Vulnerabilities
CVE-2025-54110 is an 8.8 rated Windows kernel Elevation of Privilege vulnerability that Microsoft labeled as “Exploitation More Likely.”
CVE-2025-54110, an Integer Overflow or Wraparound vulnerability (CWE-190) in the Windows kernel, could allow an authorized attacker to elevate privileges locally by sending specially crafted input from a sandboxed user-mode process to trigger an integer overflow, resulting in a buffer overflow in the kernel and enabling privilege escalation or sandbox escape. An attacker who successfully exploited the vulnerability could gain SYSTEM privileges, Microsoft said.
Microsoft credited an anonymous researcher on Mastodon for the discovery.
Microsoft also labeled two 5.5-rated Windows kernel vulnerabilities as being at higher risk of exploitation.
CVE-2025-53804 is a Windows kernel-mode driver Information Disclosure vulnerability that Microsoft said “could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.”
The vulnerability was reported by Lewis Lee.
CVE-2025-53803, credited to Lee and three other researchers, is a Windows kernel memory Information Disclosure vulnerability that could also allow the disclosure of memory addresses through the generation of error messages containing sensitive information.
Patch Tuesday September 2025: Other High-risk Vulnerabilities
CVE-2025-54918 is an 8.8-rated Windows NTLM Elevation of Privilege vulnerability and is remotely exploitable and low complexity. Improper authentication in Windows NTLM could allow an authorized attacker to elevate privileges over a network. The vulnerability was credited to Brian De Houwer of Crimson7.
CVE-2025-55234 is an 8.8-severity Windows SMB Elevation of Privilege/Improper Authentication vulnerability. SMB Server might be susceptible to relay attacks depending on the configuration, and Microsoft advises enabling SMB Server hardening measures.
Other high-risk vulnerabilities in the Patch Tuesday September 2025 updates include:
- CVE-2025-54916, a 7.8-rated Windows NTFS Remote Code Execution vulnerability
- CVE-2025-54098, a 7.8-severity Windows Hyper-V Elevation of Privilege vulnerability
- CVE-2025-54093, a 7.0 Windows TCP/IP Driver Elevation of Privilege vulnerability
Adobe, SAP and Ivanti are among the other IT vendors with critical updates out today.
