On September 9, 2025, Microsoft released its September 2025 security update, addressing 86 newly disclosed vulnerabilities. Arctic Wolf highlighted three vulnerabilities in this bulletin. At the time of writing, none of the vulnerabilities in this update have been reported as exploited in the wild, and no proof-of-concept exploits have been released.
Vulnerabilities
| Vulnerability | CVSS | Description |
| CVE-2025-55232 | 9.8 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution – A threat actor can achieve code execution without user interaction by exploiting a deserialization of untrusted data vulnerability in Microsoft High Performance Computing (HPC) Pack, a platform for managing and running high-performance computing tasks across server clusters. |
| CVE-2025-55234 | 8.8 | Windows SMB Elevation of Privilege Vulnerability – SMB Server could be susceptible to relay attacks that a threat actor could exploit. Successful exploitation of this vulnerability could allow the threat actor to gain the privileges of the compromised user. Microsoft indicated that this vulnerability was publicly disclosed before a fix was released. |
| CVE-2025-54918 | 8.8 | Windows NTLM Elevation of Privilege Vulnerability – A remote threat actor can exploit this vulnerability to gain SYSTEM privileges without any user interaction required. |
Recommendation
Upgrade to Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.
| Affected Product | Vulnerability | Update Article |
| Windows Server 2025 | CVE-2025-55234, CVE-2025-54918 | 5065426, 5065474 |
| Windows Server 2022, 23H2 Edition | CVE-2025-55234, CVE-2025-54918 | 5065425 |
| Windows Server 2022 | CVE-2025-55234, CVE-2025-54918 | 5065432, 5065306 |
| Windows Server 2019 | CVE-2025-55234, CVE-2025-54918 | 5065428 |
| Windows Server 2016 | CVE-2025-55234, CVE-2025-54918 | 5065427 |
| Windows Server 2012 R2 | CVE-2025-55234, CVE-2025-54918 | 5065507 |
| Windows Server 2012 | CVE-2025-55234, CVE-2025-54918 | 5065509 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2025-55234, CVE-2025-54918 | 5065468, 5065510 |
| Windows Server 2008 for 32-bit, and x64-based Systems Service Pack 2 | CVE-2025-55234, CVE-2025-54918 | 5065508, 5065511 |
| Windows 11 Version 24H2 for x64-based, and ARM64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065426, 5065474 |
| Windows 11 Version 23H2 for x64-based, and ARM64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065431 |
| Windows 11 Version 22H2 for x64-based, and ARM64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065431 |
| Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065429 |
| Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065429 |
| Windows 10 Version 1809 for 32-bit, and x64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065428 |
| Windows 10 Version 1607 for 32-bit, and x64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065427 |
| Windows 10 for 32-bit, and x64-based Systems | CVE-2025-55234, CVE-2025-54918 | 5065430 |
| Microsoft HPC Pack 2019 | CVE-2025-55232 | Release Notes |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
References
Microsoft Patch Tuesday (September 2025)
Resources
Understand the threat landscape, and how to better defend your organization, with the 2025 Arctic Wolf Threat Report.
See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster.
