Microsoft at present launched updates to repair at the very least 137 safety vulnerabilities in its Home windows working methods and supported software program. Not one of the weaknesses addressed this month are recognized to be actively exploited, however 14 of the failings earned Microsoft’s most-dire “crucial” ranking, that means they could possibly be exploited to grab management over weak Home windows PCs with little or no assist from customers.

Whereas not listed as crucial, CVE-2025-49719 is a publicly disclosed data disclosure vulnerability, with all variations way back to SQL Server 2016 receiving patches. Microsoft charges CVE-2025-49719 as much less prone to be exploited, however the availability of proof-of-concept code for this flaw means its patch ought to in all probability be a precedence for affected enterprises.

Mike Walters, co-founder of Action1, stated CVE-2025-49719 may be exploited with out authentication, and that many third-party purposes depend upon SQL server and the affected drivers — doubtlessly introducing a supply-chain danger that extends past direct SQL Server customers.

“The potential publicity of delicate data makes this a high-priority concern for organizations dealing with worthwhile or regulated knowledge,” Walters stated. “The excellent nature of the affected variations, spanning a number of SQL Server releases from 2016 via 2022, signifies a elementary situation in how SQL Server handles reminiscence administration and enter validation.”

Adam Barnett at Rapid7 notes that at present is the tip of the street for SQL Server 2012, that means there might be no future safety patches even for crucial vulnerabilities, even should you’re keen to pay Microsoft for the privilege.

Barnett additionally known as consideration to CVE-2025-47981, a vulnerability with a CVSS rating of 9.8 (10 being the worst), a distant code execution bug in the best way Home windows servers and shoppers negotiate to find mutually supported authentication mechanisms. This pre-authentication vulnerability impacts any Home windows consumer machine working Home windows 10 1607 or above, and all present variations of Home windows Server. Microsoft considers it extra seemingly that attackers will exploit this flaw.

Microsoft additionally patched at the very least 4 crucial, distant code execution flaws in Workplace (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702). The primary two are each rated by Microsoft as having the next probability of exploitation, don’t require person interplay, and may be triggered via the Preview Pane.

Two extra excessive severity bugs embody CVE-2025-49740 (CVSS 8.8) and CVE-2025-47178 (CVSS 8.0); the previous is a weak spot that would enable malicious information to bypass screening by Microsoft Defender SmartScreen, a built-in characteristic of Home windows that tries to dam untrusted downloads and malicious websites.

CVE-2025-47178 entails a distant code execution flaw in Microsoft Configuration Supervisor, an enterprise instrument for managing, deploying, and securing computer systems, servers, and units throughout a community. Ben Hopkins at Immersive Labs stated this bug requires very low privileges to take advantage of, and that it’s attainable for a person or attacker with a read-only entry position to take advantage of it.

“Exploiting this vulnerability permits an attacker to execute arbitrary SQL queries because the privileged SMS service account in Microsoft Configuration Supervisor,” Hopkins stated. “This entry can be utilized to control deployments, push malicious software program or scripts to all managed units, alter configurations, steal delicate knowledge, and doubtlessly escalate to full working system code execution throughout the enterprise, giving the attacker broad management over the complete IT setting.”

Individually, Adobe has launched safety updates for a broad vary of software program, together with After Results, Adobe Audition, Illustrator, FrameMaker, and ColdFusion.

The SANS Web Storm Heart has a breakdown of every particular person patch, listed by severity. If you happen to’re liable for administering a lot of Home windows methods, it could be price maintaining a tally of AskWoody for the lowdown on any doubtlessly wonky updates (contemplating the big variety of vulnerabilities and Home windows parts addressed this month).

If you happen to’re a Home windows dwelling person, please contemplate backing up your knowledge and/or drive earlier than putting in any patches, and drop a be aware within the feedback should you encounter any issues with these updates.

.Microsoft on Tuesday released 67 patches affecting 12 product households. Ten of the addressed points, 5 involving 365 and Workplace and one involving SharePoint, are thought-about by Microsoft to be of Critical severity, and 17 have a CVSS base rating of 8.0 or increased. One, an Necessary-severity RCE in Home windows associated to WEBDAV (CVE-2025-33053), is recognized to be beneath lively exploitation within the wild. A further Necessary-severity SMB problem has been publicly disclosed, however will not be at present recognized to be beneath exploit. 

At patch time, 9 further CVEs are extra prone to be exploited within the subsequent 30 days by the corporate’s estimation, not together with the WEBDAV problem talked about above. Varied of this month’s points are amenable to direct detection by Sophos protections, and we embrace info on those in a desk under. This most definitely contains CVE-2025-33053, by which Sophos itself has taken a selected curiosity – and, apparently, vice versa.

Along with these patches, ten Adobe Reader fixes, 4 of them thought-about to be of Essential severity, are included within the launch. These are listed in Appendix D under. That appendix additionally contains info on two Edge-related vulnerabilities and a Essential-severity Energy Automate problem that was addressed earlier this month, in addition to restricted info on a Essential-severity bug in Copilot for which an advisory was launched the next day (Wednesday). The periodically launched Servicing Stack updates are additionally out there.  

We’re as at all times together with on the finish of this submit further appendices itemizing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base rating, and by product household; an appendix protecting the advisory-style updates; and a breakout of the patches affecting the assorted Home windows Server platforms nonetheless in assist.  

By the numbers

• Whole CVEs: 67
• Publicly disclosed: 1
• Exploit detected: 1
• Severity
  • Essential: 10
  • Necessary: 57
• Affect
  • Distant Code Execution: 26
  • Info Disclosure: 17
  • Elevation of Privilege: 13
  • Denial of Service: 6
  • Safety Function Bypass: 3
  • Spoofing: 2
• CVSS base rating 9.0 or larger: 0*
• CVSS base rating 8.0 or later: 18

 * One problem, affecting Energy Automate for Desktop however patched by Microsoft on June 5, has been assigned a 9.8 CVSS base rating. Because it was mitigated previous to launch, we’re treating that info as advisory-only and don’t embrace it on this month’s statistics. Likewise, the Copilot advisory launched on June 11 has a CVSS base rating of 9.3, however doesn’t determine into these tallies or charts.

Determine 1: A proportionally heavier-than-usual ten Essential-severity patches have been launched in June,  although unusually six of these happen in 365, Workplace, or SharePoint reasonably than the extra customary Home windows. (Two Edge updates coated this month usually are not launched with full affect info and thus don’t seem on this chart; we’re additionally excluding the Energy Automate patch as mentioned above) 

Merchandise 

• Home windows: 45*
• 365: 15
• Workplace: 14
• SharePoint: 5
• Visible Studio: 2
• Phrase: 2
• .NET: 1
• Excel: 1
• Microsoft AutoUpdate for Macintosh: 1
• Nuance Digital Engagement Platform: 1
• Outlook: 1
• PowerPoint: 1

* One Home windows SDK patch (CVE-2025-47962) and one patch affecting the Home windows Safety App part (CVE-2025-47956) are included within the Home windows counts for reader comfort, although neither impacts particular variations of the shopper or server platforms.  

As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on. We notice that CVE names don’t at all times mirror affected product households carefully. Particularly, some CVEs names within the Workplace household could point out merchandise that don’t seem within the checklist of merchandise affected by the CVE, and vice versa.

Determine 2: Twelve product households determine in Could’s Patch Tuesday launch; the Nuance medical-product household returns to the charts for a second month, this time addressing a spoofing problem in its Digital Engagement Platform 

Notable June updates 

Along with the problems mentioned above, a number of particular gadgets advantage consideration.  

CVE-2025-33053 — Net Distributed Authoring and Versioning (WebDAV) Distant Code Execution Vulnerability 

The one patched problem at present recognized to be beneath exploit within the wild is an Necessary-severity flaw in Net Distributed Authoring and Versioning code, which has been underpinning a lot of the web for the reason that IE period. That’s the issue; this patch touches the MSHTML, EdgeHTML, and scripting platforms, that are all nonetheless supported. Because of this these Microsoft prospects at present taking Safety Solely updates want to put in the IE Cumulative updates to correctly guard towards this vulnerability – one thing right here for everybody, in different phrases. 

The adversaries exploiting that vulnerability apparently discovered Sophos protections vexing.  Endpoint safety scans new packages earlier than they run—however after launch, scanning drops off. Attackers exploit this by delivering packages with encrypted our bodies that evade static scanning and AI fashions. As soon as operating, the code decrypts itself, hundreds implants, and executes completely in reminiscence—by no means touching disk. 

Sophos counters this with Dynamic Shellcode Safety, which limits how a lot executable reminiscence a course of can allocate. That restriction breaks stealthy in-memory assaults, forcing adversaries to revert to noisier, extra detectable methods like distant injection—the place they’re a lot simpler to catch. 

 After that the attackers would have run into a number of extra Sophos layers of blacklist, antimalware signatures, and different defenses — however it’s fascinating to us to see ourselves mirrored in an adversary’s code as a very powerful nut to crack. In any case, we advocate as at all times that defenders prioritize higher-profile patches similar to this one. 

CVE-2025-33073 – Home windows SMB Consumer Elevation of Privilege Vulnerability 

It’s not recognized to be beneath lively exploitation but, and Microsoft signifies that they suppose it’s much less prone to be exploited inside the subsequent 30 days, however this Necessary-severity EoP is the one June CVE recognized to have been publicly disclosed up to now. The problem comes all the way down to improper entry controls, and it impacts all supported Home windows shopper and server variations. 

CVE-2025-47166 — Microsoft SharePoint Server Distant Code Execution Vulnerability 

After debuting in Could, “zcgonvh’s cat Vanilla” makes a right away return look on the finder roster – that’s proper, the cat got here again the very subsequent Patch Tuesday. 

CVE-2025-32711 — M365 Copilot Info Disclosure Vulnerability 

Lastly, one CVE that was not launched within the Tuesday assortment, however merited the discharge of an advisory the next day: a Essential-severity, CVSS-base 9.3, information-disclosure error that made it potential for an unauthorized attacker to make use of command injection to reveal info from the AI software. The vulnerability was responsibly disclosed to Microsoft and the corporate said early Wednesday that the patch is already pushed to prospects.  

Determine 3: As we wrap up the primary half of the yr, the proportion of Essential-severity RCEs over the previous six months is eye-catching 

Determine 4: Evaluating first-half totals for 2024 and 2025, we see that the excessive variety of Essential-severity RCEs stands out much more strongly when in comparison with the yr earlier than – 40, in contrast with simply 9 for the primary half of the yr earlier than. A couple of different traits stand out as nicely, together with giant year-over-year will increase in info disclosure CVEs (44 in 1H24, 77 up to now in 2025) and denial of service points (34 in 1H24, 57 up to now in 2025) 

Sophos protections 

CVE	Sophos Intercept X/Endpoint IPS	Sophos XGS Firewall
CVE-2025-32713	Exp/2532713-A	Exp/2532713-A
CVE-2025-32714	Exp/2532714-A	Exp/2532714-A
CVE-2025-33053	sid:2311111	sid:2311111
CVE-2025-33070	sid:2311128	sid:2311128
CVE-2025-47162	sid:2311145	sid:2311145
CVE-2025-47164	sid:2311146	sid:2311146
CVE-2025-47167	sid:231113	sid:231113

 

CVE-2025-33053 additionally has an relevant detection of notice, Troj/UrlRun-B, along with the XSG signature famous above. 

As you may each month, in the event you don’t need to wait to your system to drag down Microsoft’s updates itself, you may obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe software to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace package deal to your particular system’s structure and construct quantity. 

Appendix A: Vulnerability Affect and Severity 

This can be a checklist of June patches sorted by affect, then sub-sorted by severity. Every checklist is additional organized by CVE.  

Distant Code Execution (25 CVEs) 

Essential severity
CVE-2025-29828	Home windows Schannel Distant Code Execution Vulnerability
CVE-2025-32710	Home windows Distant Desktop Companies Distant Code Execution Vulnerability
CVE-2025-32717	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-33071	Home windows KDC Proxy Service (KPSSVC) Distant Code Execution Vulnerability
CVE-2025-47162	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47164	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47167	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47172	Microsoft SharePoint Server Distant Code Execution Vulnerability
CVE-2025-47953	Microsoft Workplace Distant Code Execution Vulnerability
Necessary severity
CVE-2025-30399	.NET and Visible Studio Distant Code Execution Vulnerability
CVE-2025-33053	Net Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability
CVE-2025-33064	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
CVE-2025-33066	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
CVE-2025-47163	Microsoft SharePoint Server Distant Code Execution Vulnerability
CVE-2025-47165	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-47166	Microsoft SharePoint Server Distant Code Execution Vulnerability
CVE-2025-47168	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47169	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47170	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47171	Microsoft Outlook Distant Code Execution Vulnerability
CVE-2025-47173	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47174	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-47175	Microsoft PowerPoint Distant Code Execution Vulnerability
CVE-2025-47176	Microsoft Outlook Distant Code Execution Vulnerability
CVE-2025-47957	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47959	Visible Studio Distant Code Execution Vulnerability

 

Info Disclosure (17 CVEs) 

Necessary severity
CVE-2025-24065	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-24068	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-24069	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-32715	Distant Desktop Protocol Consumer Info Disclosure Vulnerability
CVE-2025-32719	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-32720	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-32722	Home windows Storage Port Driver Info Disclosure Vulnerability
CVE-2025-33052	Home windows DWM Core Library Info Disclosure  Vulnerability
CVE-2025-33055	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33058	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33059	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33060	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33061	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33062	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33063	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33065	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-47969	Home windows Virtualization-Primarily based Safety (VBS) Info Disclosure Vulnerability

 

Elevation of Privilege (13 CVEs) 

Essential severity
CVE-2025-33070	Home windows Netlogon Elevation of Privilege Vulnerability
Necessary severity
CVE-2025-32712	Win32k Elevation of Privilege Vulnerability
CVE-2025-32713	Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32714	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-32716	Home windows Media Elevation of Privilege Vulnerability
CVE-2025-32718	Home windows SMB Consumer Elevation of Privilege Vulnerability
CVE-2025-32721	Home windows Restoration Driver Elevation of Privilege Vulnerability
CVE-2025-33067	Home windows Activity Scheduler Elevation of Privilege Vulnerability
CVE-2025-33073	Home windows SMB Consumer Elevation of Privilege Vulnerability
CVE-2025-33075	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-47955	Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability
CVE-2025-47962	Home windows SDK Elevation of Privilege Vulnerability
CVE-2025-47968	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

 

Denial of Service (6 CVEs) 

Necessary severity
CVE-2025-32724	Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2025-32725	DHCP Server Service Denial of Service Vulnerability
CVE-2025-33050	DHCP Server Service Denial of Service Vulnerability
CVE-2025-33056	Home windows Native Safety Authority (LSA) Denial of Service Vulnerability
CVE-2025-33057	Home windows Native Safety Authority (LSA) Denial of Service Vulnerability
CVE-2025-33068	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-32724	Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability

 

Safety Function Bypass (3 CVEs) 

Necessary severity
CVE-2025-3052	Cert CC: CVE-2025-3052 InsydeH2O Safe Boot Bypass
CVE-2025-33069	Home windows App Management for Enterprise Safety Function Bypass Vulnerability
CVE-2025-47160	Home windows Shortcut Recordsdata Safety Function Bypass Vulnerability

 

Spoofing (2 CVEs) 

Necessary severity
CVE-2025-47956	Home windows Safety App Spoofing Vulnerability
CVE-2025-47977	Nuance Digital Engagement Platform Spoofing Vulnerability

 

 

Appendix B: Exploitability and CVSS 

This can be a checklist of the June CVEs judged by Microsoft to be both beneath exploitation within the wild or extra prone to be exploited within the wild inside the first 30 days post-release. The checklist is additional organized by CVE. The three Workplace gadgets extra prone to be exploited within the subsequent 30 days (CVE-2025-47162, CVE-2025-47164, and CVE-2025-47167) are all exploitable through Preview Pane. 

Exploitation detected
CVE-2025-33053	Net Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability
Exploitation extra seemingly inside the subsequent 30 days
CVE-2025-32713	Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32714	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-32717	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-33070	Home windows Netlogon Elevation of Privilege Vulnerability
CVE-2025-33071	Home windows KDC Proxy Service (KPSSVC) Distant Code Execution Vulnerability
CVE-2025-47162	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47164	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47167	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47962	Home windows SDK Elevation of Privilege Vulnerability

 

This can be a checklist of June’s CVEs with a Microsoft-assessed CVSS Base rating of 8.0 or increased. They’re organized by rating and additional sorted by CVE. For extra info on how CVSS works, please see our sequence on patch prioritization schema.  

CVSS Base	CVSS Temporal	CVE	Title
8.8	8.2	CVE-2025-33053	Net Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-33064	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-33066	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
8.8	7.9	CVE-2025-33073	Home windows SMB Consumer Elevation of Privilege Vulnerability
8.8	7.7	CVE-2025-47163	Microsoft SharePoint Server Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-47166	Microsoft SharePoint Server Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-47172	Microsoft SharePoint Server Distant Code Execution Vulnerability
8.4	7.3	CVE-2025-32717	Microsoft Phrase Distant Code Execution Vulnerability
8.4	7.3	CVE-2025-33067	Home windows Activity Scheduler Elevation of Privilege Vulnerability
8.4	7.3	CVE-2025-47162	Microsoft Workplace Distant Code Execution Vulnerability
8.4	7.3	CVE-2025-47164	Microsoft Workplace Distant Code Execution Vulnerability
8.4	7.3	CVE-2025-47167	Microsoft Workplace Distant Code Execution Vulnerability
8.4	7.3	CVE-2025-47953	Microsoft Workplace Distant Code Execution Vulnerability
8.4	7.3	CVE-2025-47957	Microsoft Phrase Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-29828	Home windows Schannel Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-32710	Home windows Distant Desktop Companies Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-33070	Home windows Netlogon Elevation of Privilege Vulnerability
8.1	7.1	CVE-2025-33071	Home windows KDC Proxy Service (KPSSVC) Distant Code Execution Vulnerability

 

Appendix C: Merchandise Affected 

This can be a checklist of June’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which can be shared amongst a number of product households are listed a number of instances, as soon as for every product household. Sure vital points for which advisories have been issued are coated in Appendix D, and points affecting Home windows Server are additional sorted in Appendix E. All CVE titles are correct as made out there by Microsoft; for additional info on why sure merchandise could seem in titles and never product households (or vice versa), please seek the advice of Microsoft. 

Home windows (45 CVEs) 

Essential severity
CVE-2025-29828	Home windows Schannel Distant Code Execution Vulnerability
CVE-2025-32710	Home windows Distant Desktop Companies Distant Code Execution Vulnerability
CVE-2025-33070	Home windows Netlogon Elevation of Privilege Vulnerability
CVE-2025-33071	Home windows KDC Proxy Service (KPSSVC) Distant Code Execution Vulnerability
Necessary severity
CVE-2025-3052	Cert CC: CVE-2025-3052 InsydeH2O Safe Boot Bypass
CVE-2025-24065	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-24068	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-24069	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-32712	Win32k Elevation of Privilege Vulnerability
CVE-2025-32713	Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32714	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-32715	Distant Desktop Protocol Consumer Info Disclosure Vulnerability
CVE-2025-32716	Home windows Media Elevation of Privilege Vulnerability
CVE-2025-32718	Home windows SMB Consumer Elevation of Privilege Vulnerability
CVE-2025-32719	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-32720	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-32721	Home windows Restoration Driver Elevation of Privilege Vulnerability
CVE-2025-32722	Home windows Storage Port Driver Info Disclosure Vulnerability
CVE-2025-32724	Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2025-32725	DHCP Server Service Denial of Service Vulnerability
CVE-2025-33050	DHCP Server Service Denial of Service Vulnerability
CVE-2025-33052	Home windows DWM Core Library Info Disclosure  Vulnerability
CVE-2025-33053	Net Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability
CVE-2025-33055	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33056	Home windows Native Safety Authority (LSA) Denial of Service Vulnerability
CVE-2025-33057	Home windows Native Safety Authority (LSA) Denial of Service Vulnerability
CVE-2025-33058	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33059	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33060	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33061	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33062	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33063	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33064	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
CVE-2025-33065	Home windows Storage Administration Supplier Info Disclosure Vulnerability
CVE-2025-33066	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
CVE-2025-33067	Home windows Activity Scheduler Elevation of Privilege Vulnerability
CVE-2025-33068	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-33069	Home windows App Management for Enterprise Safety Function Bypass Vulnerability
CVE-2025-33073	Home windows SMB Consumer Elevation of Privilege Vulnerability
CVE-2025-33075	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-47160	Home windows Shortcut Recordsdata Safety Function Bypass Vulnerability
CVE-2025-47955	Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability
CVE-2025-47956	Home windows Safety App Spoofing Vulnerability
CVE-2025-47962	Home windows SDK Elevation of Privilege Vulnerability
CVE-2025-47969	Home windows Virtualization-Primarily based Safety (VBS) Info Disclosure Vulnerability

 

365 (14 CVEs) 

Essential severity
CVE-2025-32717	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47162	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47164	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47167	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47953	Microsoft Workplace Distant Code Execution Vulnerability
Necessary severity
CVE-2025-47165	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-47168	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47169	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47170	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47171	Microsoft Outlook Distant Code Execution Vulnerability
CVE-2025-47173	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47174	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-47175	Microsoft PowerPoint Distant Code Execution Vulnerability
CVE-2025-47176	Microsoft Outlook Distant Code Execution Vulnerability
CVE-2025-47957	Microsoft Phrase Distant Code Execution Vulnerability

 

Workplace (14 CVEs) 

Essential severity
CVE-2025-47162	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47164	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47167	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47953	Microsoft Workplace Distant Code Execution Vulnerability
Necessary severity
CVE-2025-47165	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-47168	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47169	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47170	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47171	Microsoft Outlook Distant Code Execution Vulnerability
CVE-2025-47173	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-47174	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-47175	Microsoft PowerPoint Distant Code Execution Vulnerability
CVE-2025-47176	Microsoft Outlook Distant Code Execution Vulnerability
CVE-2025-47957	Microsoft Phrase Distant Code Execution Vulnerability

 

SharePoint (5 CVEs) 

Essential severity
CVE-2025-47172	Microsoft SharePoint Server Distant Code Execution Vulnerability
Necessary severity
CVE-2025-47163	Microsoft SharePoint Server Distant Code Execution Vulnerability
CVE-2025-47166	Microsoft SharePoint Server Distant Code Execution Vulnerability
CVE-2025-47168	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47169	Microsoft Phrase Distant Code Execution Vulnerability

 

Visible Studio (2 CVEs) 

Necessary severity
CVE-2025-30399	.NET and Visible Studio Distant Code Execution Vulnerability
CVE-2025-47959	Visible Studio Distant Code Execution Vulnerability

Phrase (2 CVEs) 

Necessary severity
CVE-2025-47168	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-47169	Microsoft Phrase Distant Code Execution Vulnerability

 

.NET (1 CVE) 

Necessary severity
CVE-2025-30399	.NET and Visible Studio Distant Code Execution Vulnerability

 

Excel (1 CVE) 

Necessary severity
CVE-2025-47165	Microsoft Excel Distant Code Execution Vulnerability

 

Microsoft AutoUpdate for Macintosh (1 CVE) 

Necessary severity
CVE-2025-47968	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

 

Nuance Digital Engagement Platform (1 CVE) 

Necessary severity
CVE-2025-47977	Nuance Digital Engagement Platform Spoofing Vulnerability

 

Outlook (1 CVE) 

Necessary severity
CVE-2025-47171	Microsoft Outlook Distant Code Execution Vulnerability

 

PowerPoint (1 CVE) 

Necessary severity
CVE-2025-47175	Microsoft PowerPoint Distant Code Execution Vulnerability

 

Appendix D: Advisories and Different Merchandise 

There are 10 Adobe Reader advisories in June’s launch, APSB25-57. Since there’s some selection in severity ranges on this month’s set, we’re together with that info as nicely. 

Essential	CVE-2025-43573	Use After Free (CWE-416)
Essential	CVE-2025-43574	Use After Free (CWE-416)
Essential	CVE-2025-43575	Out-of-bounds Write (CWE-787)
Essential	CVE-2025-43576	Use After Free (CWE-416)
Necessary	CVE-2025-43550	Use After Free (CWE-416)
Necessary	CVE-2025-43577	Use After Free (CWE-416)
Necessary	CVE-2025-43578	Out-of-bounds Learn (CWE-125)
Necessary	CVE-2025-47112	Out-of-bounds Learn (CWE-125)
Average	CVE-2025-43579	Info Publicity (CWE-200)
Average	CVE-2025-47111	NULL Pointer Dereference (CWE-476)

 

There are further Microsoft advisories and informational releases that deserve consideration. The Energy Automate patch is fascinating – a Essential-severity EoP with a CVSS base rating of 9.8 – however the patch itself was issued practically every week in the past, and so the knowledge offered under is principally FYI. In further, Net elders are hereby reassured that the “Blink” concerned in CVE-2025-5068 pertains to the Chromium rendering engine, not the erstwhile markup tag greatest described as Devil’s eyelash. 

ADV990001	Newest Servicing Stack Updates
CVE-2025-5068	Chromium: CVE-2025-5068 Use after free in Blink
CVE-2025-5419	Chromium: CVE-2025-5419 Out of bounds learn and write in V8
CVE-2025-47966	Energy Automate Elevation of Privilege Vulnerability

 

As famous above, on Wednesday Microsoft launched an advisory regarding CVE-2025-32711, “M365 Copilot Info Disclosure Vulnerability,” a Essential-severity information-disclosure bug in Copilot. Although technically not included in Patch Tuesday’s haul, we embrace acknowledgement of that launch as a courtesy to the reader. 

Appendix E: Affected Home windows Server variations 

This can be a desk of the CVEs within the June launch affecting 9 Home windows Server variations, 2008 via 2025. The desk differentiates amongst main variations of the platform however doesn’t go into deeper element (eg., Server Core). Essential-severity points are marked in purple; an “x” signifies that the CVE doesn’t apply to that model. Directors are inspired to make use of this appendix as a place to begin to determine their particular publicity, as every reader’s state of affairs, particularly because it issues merchandise out of mainstream assist, will fluctuate. For particular Information Base numbers, please seek the advice of Microsoft.  

	2008	2008-R2	2012	2012-R2	2016	2019	2022	2022 23H2	2025
CVE-2025-24065	×	×	×	×	■	■	■	■	■
CVE-2025-24068	×	×	×	×	■	■	■	■	■
CVE-2025-24069	×	×	×	×	■	■	■	■	■
CVE-2025-29828	×	×	×	×	×	×	■	■	■
CVE-2025-3052	×	×	■	■	■	■	■	■	■
CVE-2025-32710	■	■	■	■	■	■	■	■	■
CVE-2025-32712	■	■	■	■	■	■	■	■	■
CVE-2025-32713	■	■	■	■	■	■	■	■	■
CVE-2025-32714	■	■	■	■	■	■	■	■	■
CVE-2025-32715	×	■	■	■	■	■	■	■	■
CVE-2025-32716	■	■	■	■	■	■	■	■	×
CVE-2025-32718	×	×	■	■	■	■	■	■	■
CVE-2025-32719	×	×	×	×	■	■	■	■	■
CVE-2025-32720	×	×	×	■	■	■	■	■	■
CVE-2025-32721	×	×	×	×	■	■	■	■	■
CVE-2025-32722	×	×	■	■	■	■	■	■	■
CVE-2025-32724	■	■	■	■	■	■	■	■	■
CVE-2025-32725	×	×	×	×	■	■	■	■	■
CVE-2025-33050	×	×	×	×	■	■	■	■	■
CVE-2025-33052	×	×	×	×	×	■	■	■	■
CVE-2025-33053	■	■	■	■	■	■	■	■	■
CVE-2025-33055	×	×	×	×	■	■	■	■	■
CVE-2025-33056	■	■	■	■	■	■	■	■	■
CVE-2025-33057	■	■	■	■	■	■	■	■	■
CVE-2025-33058	×	×	×	×	■	■	■	■	■
CVE-2025-33059	×	×	×	×	■	■	■	■	■
CVE-2025-33060	×	×	×	■	■	■	■	■	■
CVE-2025-33061	×	×	×	×	■	■	■	■	■
CVE-2025-33062	×	×	×	×	■	■	■	■	■
CVE-2025-33063	×	×	×	×	×	■	■	■	■
CVE-2025-33064	■	■	■	■	■	■	■	■	■
CVE-2025-33065	×	×	×	×	■	■	■	■	■
CVE-2025-33066	■	■	■	■	■	■	■	■	■
CVE-2025-33067	×	×	×	×	■	■	■	■	■
CVE-2025-33068	×	×	×	■	■	■	■	×	■
CVE-2025-33069	×	×	×	×	×	×	×	×	■
CVE-2025-33070	×	■	■	■	■	■	■	■	■
CVE-2025-33071	×	×	■	■	■	■	■	■	■
CVE-2025-33073	■	■	■	■	■	■	■	■	■
CVE-2025-33075	■	■	■	■	■	■	■	■	■
CVE-2025-47160	×	×	■	■	■	■	■	■	■
CVE-2025-47955	■	■	■	■	■	■	■	■	■
CVE-2025-47969	×	×	×	×	×	×	×	×	■

 

Microsoft in the present day launched safety updates to repair at the very least 67 vulnerabilities in its Home windows working techniques and software program. Redmond warns that one of many flaws is already beneath energetic assault, and that software program blueprints exhibiting exploit a pervasive Home windows bug patched this month at the moment are public.

The only zero-day flaw this month is CVE-2025-33053, a distant code execution flaw within the Home windows implementation of WebDAV — an HTTP extension that lets customers remotely handle recordsdata and directories on a server. Whereas WebDAV isn’t enabled by default in Home windows, its presence in legacy or specialised techniques nonetheless makes it a related goal, stated Seth Hoyt, senior safety engineer at Automox.

Adam Barnett, lead software program engineer at Rapid7, stated Microsoft’s advisory for CVE-2025-33053 doesn’t point out that the Home windows implementation of WebDAV is listed as deprecated since November 2023, which in sensible phrases signifies that the WebClient service not begins by default.

“The advisory additionally has assault complexity as low, which signifies that exploitation doesn’t require preparation of the goal atmosphere in any means that’s past the attacker’s management,” Barnett stated. “Exploitation depends on the consumer clicking a malicious hyperlink. It’s not clear how an asset can be instantly weak if the service isn’t working, however all variations of Home windows obtain a patch, together with these launched because the deprecation of WebClient, like Server 2025 and Home windows 11 24H2.”

Microsoft warns that an “elevation of privilege” vulnerability within the Home windows Server Message Block (SMB) shopper (CVE-2025-33073) is more likely to be exploited, provided that proof-of-concept code for this bug is now public. CVE-2025-33073 has a CVSS danger rating of 8.8 (out of 10), and exploitation of the flaw results in the attacker gaining “SYSTEM” degree management over a weak PC.

“What makes this particularly harmful is that no additional consumer interplay is required after the preliminary connection—one thing attackers can usually set off with out the consumer realizing it,” stated Alex Vovk, co-founder and CEO of Action1. “Given the excessive privilege degree and ease of exploitation, this flaw poses a major danger to Home windows environments. The scope of affected techniques is intensive, as SMB is a core Home windows protocol used for file and printer sharing and inter-process communication.”

Past these highlights, 10 of the vulnerabilities fastened this month have been rated “vital” by Microsoft, together with eight distant code execution flaws.

Notably absent from this month’s patch batch is a repair for a newly found weak spot in Home windows Server 2025 that permits attackers to behave with the privileges of any consumer in Energetic Listing. The bug, dubbed “BadSuccessor,” was publicly disclosed by researchers at Akamai on Could 21, and a number of other public proof-of-concepts at the moment are accessible. Tenable’s Satnam Narang stated organizations which have at the very least one Home windows Server 2025 area controller ought to assessment permissions for principals and restrict these permissions as a lot as potential.

Adobe has launched updates for Acrobat Reader and 6 different merchandise addressing at the very least 259 vulnerabilities, most of them in an replace for Expertise Supervisor. Mozilla Firefox and Google Chrome each lately launched safety updates that require a restart of the browser to take impact. The newest Chrome replace fixes two zero-day exploits within the browser (CVE-2025-5419 and CVE-2025-4664).

For an in depth breakdown on the person safety updates launched by Microsoft in the present day, try the Patch Tuesday roundup from the SANS Web Storm Middle. Motion 1 has a breakdown of patches from Microsoft and a raft of different software program distributors releasing fixes this month. As at all times, please again up your system and/or knowledge earlier than patching, and be happy to drop a notice within the feedback when you run into any issues making use of these updates.

Microsoft on Tuesday launched software program updates to repair a minimum of 70 vulnerabilities in Home windows and associated merchandise, together with 5 zero-day flaws which might be already seeing energetic exploitation. Including to the sense of urgency with this month’s patch batch from Redmond are fixes for 2 different weaknesses that now have public proof-of-concept exploits obtainable.

Microsoft and a number of other safety companies have disclosed that attackers are exploiting a pair of bugs within the Home windows Widespread Log File System (CLFS) driver that enable attackers to raise their privileges on a weak machine. The Home windows CLFS is a important Home windows part liable for logging providers, and is broadly utilized by Home windows system providers and third-party functions for logging. Tracked as CVE-2025-32701 & CVE-2025-32706, these flaws are current in all supported variations of Home windows 10 and 11, in addition to their server variations.

Kev Breen, senior director of risk analysis at Immersive Labs, mentioned privilege escalation bugs assume an attacker already has preliminary entry to a compromised host, usually by a phishing assault or through the use of stolen credentials. But when that entry already exists, Breen mentioned, attackers can achieve entry to the rather more highly effective Home windows SYSTEM account, which may disable safety tooling and even achieve area administration stage permissions utilizing credential harvesting instruments.

“The patch notes don’t present technical particulars on how that is being exploited, and no Indicators of Compromise (IOCs) are shared, which means the one mitigation safety groups have is to use these patches instantly,” he mentioned. “The common time from public disclosure to exploitation at scale is lower than 5 days, with risk actors, ransomware teams, and associates fast to leverage these vulnerabilities.”

Two different zero-days patched by Microsoft right this moment additionally have been elevation of privilege flaws: CVE-2025-32709, which issues afd.sys, the Home windows Ancillary Operate Driver that allows Home windows functions to connect with the Web; and CVE-2025-30400, a weak spot within the Desktop Window Supervisor (DWM) library for Home windows. As Adam Barnett at Rapid7 notes, tomorrow marks the one-year anniversary of CVE-2024-30051, a earlier zero-day elevation of privilege vulnerability on this similar DWM part.

The fifth zero-day patched right this moment is CVE-2025-30397, a flaw within the Microsoft Scripting Engine, a key part utilized by Web Explorer and Web Explorer mode in Microsoft Edge.

Chris Goettl at Ivanti factors out that the Home windows 11 and Server 2025 updates embrace some new AI options that carry quite a lot of baggage and weigh in at round 4 gigabytes. Mentioned baggage consists of new synthetic intelligence (AI) capabilities, together with the controversial Recall function, which continuously takes screenshots of what customers are doing on Home windows CoPilot-enabled computer systems.

Microsoft went again to the drafting board on Recall after a fountain of detrimental suggestions from safety consultants, who warned it might current a pretty goal and a possible gold mine for attackers. Microsoft seems to have made some efforts to stop Recall from scooping up delicate monetary info, however privateness and safety issues nonetheless linger. Former Microsoftie Kevin Beaumont has a great teardown on Microsoft’s updates to Recall.

In any case, windowslatest.com studies that Home windows 11 model 24H2 reveals up prepared for downloads, even for those who don’t need it.

“It can now present up for ‘obtain and set up’ robotically for those who go to Settings > Home windows Replace and click on Examine for updates, however solely when your machine doesn’t have a compatibility maintain,” the publication reported. “Even for those who don’t verify for updates, Home windows 11 24H2 will robotically obtain sooner or later.”

Apple customers seemingly have their very own patching to do. On Could 12 Apple launched safety updates to repair a minimum of 30 vulnerabilities in iOS and iPadOS (the up to date model is eighteen.5). TechCrunch writes that iOS 18.5 additionally expands emergency satellite tv for pc capabilities to iPhone 13 homeowners for the primary time (beforehand it was solely obtainable on iPhone 14 or later).

Apple additionally launched updates for macOS Sequoia, macOS Sonoma, macOS Ventura, WatchOS, tvOS and visionOS. Apple mentioned there is no such thing as a indication of energetic exploitation for any of the vulnerabilities fastened this month.

As all the time, please again up your machine and/or essential knowledge earlier than trying any updates. And please be happy to hold forth within the feedback for those who run into any issues making use of any of those fixes.

Microsoft in the present day issued greater than 50 safety updates for its varied Home windows working methods, together with fixes for a whopping six zero-day vulnerabilities which are already seeing lively exploitation.

Two of the zero-day flaws embody CVE-2025-24991 and CVE-2025-24993, each vulnerabilities in NTFS, the default file system for Home windows and Home windows Server. Each require the attacker to trick a goal into mounting a malicious digital arduous disk. CVE-2025-24993 would result in the potential of native code execution, whereas CVE-2025-24991 might trigger NTFS to reveal parts of reminiscence.

Microsoft credit researchers at ESET with reporting the zero-day bug labeled CVE-2025-24983, an elevation of privilege vulnerability in older variations of Home windows. ESET mentioned the exploit was deployed by way of the PipeMagic backdoor, able to exfiltrating knowledge and enabling distant entry to the machine.

ESET’s Filip Jurčacko mentioned the exploit within the wild targets solely older variations of Home windows OS: Home windows 8.1 and Server 2012 R2. Though nonetheless utilized by hundreds of thousands, safety help for these merchandise ended greater than a 12 months in the past, and mainstream help ended years in the past. Nonetheless, ESET notes the vulnerability itself is also current in newer Home windows OS variations, together with Home windows 10 construct 1809 and the still-supported Home windows Server 2016.

Rapid7’s lead software program engineer Adam Barnett mentioned Home windows 11 and Server 2019 onwards will not be listed as receiving patches, so are presumably not weak.

“It’s not clear why newer Home windows merchandise dodged this explicit bullet,” Barnett wrote. “The Home windows 32 subsystem remains to be presumably alive and properly, since there isn’t any obvious point out of its demise on the Home windows shopper OS deprecated options checklist.”

The zero-day flaw CVE-2025-24984 is one other NTFS weak spot that may be exploited by inserting a malicious USB drive right into a Home windows laptop. Barnett mentioned Microsoft’s advisory for this bug doesn’t fairly be part of the dots, however profitable exploitation seems to imply that parts of heap reminiscence could possibly be improperly dumped right into a log file, which might then be combed by by an attacker hungry for privileged data.

“A comparatively low CVSSv3 base rating of 4.6 displays the sensible difficulties of real-world exploitation, however a motivated attacker can generally obtain extraordinary outcomes ranging from the smallest of toeholds, and Microsoft does fee this vulnerability as essential by itself proprietary severity rating scale,” Barnett mentioned.

One other zero-day mounted this month — CVE-2025-24985 — might enable attackers to put in malicious code. As with the NTFS bugs, this one requires that the consumer mount a malicious digital arduous drive.

The ultimate zero-day this month is CVE-2025-26633, a weak spot within the Microsoft Administration Console, a part of Home windows that offers system directors a approach to configure and monitor the system. Exploiting this flaw requires the goal to open a malicious file.

This month’s bundle of patch love from Redmond additionally addresses six different vulnerabilities Microsoft has rated “crucial,” which means that malware or malcontents might exploit them to grab management over weak PCs with no assist from customers.

Barnett noticed that that is now the sixth consecutive month the place Microsoft has printed zero-day vulnerabilities on Patch Tuesday with out evaluating any of them as crucial severity at time of publication.

The SANS Web Storm Heart has a helpful checklist of all of the Microsoft patches launched in the present day, listed by severity. Home windows enterprise directors would do properly to regulate askwoody.com, which frequently has the inside track on any patches inflicting issues. Please think about backing up your knowledge earlier than updating, and go away a remark under should you expertise any points making use of this month’s updates.

Microsoft on Tuesday launched 135 patches affecting 19 product households. Ten of the addressed points, all distant code execution points, are thought of by Microsoft to be of Important severity, and 18 have a CVSS base rating of 8.0 or increased. One, an Vital-severity elevation of privilege difficulty touching the Home windows Widespread Log File system driver, is understood to be beneath lively exploit within the wild.  

At patch time, 11 further CVEs usually tend to be exploited within the subsequent 30 days by the corporate’s estimation. Numerous of this month’s points are amenable to direct detection by Sophos protections, and we embrace info on these in a desk beneath.  

Along with these patches, sixteen Vital-severity Adobe Reader points affecting ColdFusion are lined within the launch. These are listed in Appendix D beneath. In a departure from ordinary process, we’re together with all Edge CVEs in our numbers this month the place potential, although these patches have been for essentially the most half made obtainable individually from right now’s launch. 

We’re as at all times together with on the finish of this publish further appendices itemizing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base rating, and by product household; an appendix overlaying the advisory-style updates; and a breakout of the patches affecting the assorted Home windows Server platforms nonetheless in help.  

By the numbers 

• Whole CVEs: 135
• Publicly disclosed: 0
• Exploit detected: 1
• Severity
  • Important: 10
  • Vital: 114
  • Low: 2
  • Excessive / Medium / Low: 9 (Edge-related CVEs issued by Chromium; see Appendix C)
• Influence
  • Elevation of Privilege: 48
  • Distant Code Execution: 33
  • Data Disclosure: 18
  • Denial of Service: 14
  • Safety Characteristic Bypass: 9
  • Spoofing: 4
  • Unknown: 9 (Edge-related CVEs issued by Chromium; see Appendix C)
• CVSS rating 9.0 or higher: 0
• CVSS base rating 8.0 or higher: 18

 

Determine 1: Elevation of privilege accounts for over a 3rd of all April patches, however all of the Important-severity gadgets are distant code execution. (Please be aware that 9 of the Edge updates lined on this difficulty are usually not launched with full influence info and comply with a distinct severity schema, and thus don’t seem on this chart; please see Appendix C) 

Merchandise 

• Home windows: 89
• 365: 15
• Workplace: 15
• Edge: 13
• SharePoint: 6
• Visible Studio: 5
• Azure: 4
• Excel: 3
• Microsoft AutoUpdate (MAU) for Mac: 2
• Phrase: 2
• Entry: 1
• ASP.NET: 1
• Dynamics 365: 1
• OneNote: 1
• Outlook for Android: 1
• Energy Automate for Desktop: 1
• SQL Server: 1
• System Heart: 1
• Visible Studio Instruments for Purposes (VSTA): 1

As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on. It ought to be famous that CVE names in April don’t at all times replicate affected product households carefully. In explicit, some CVEs names within the Workplace household might point out merchandise that don’t seem within the checklist of merchandise affected by the CVE, and vice versa.

Determine 2: Nineteen product households are affected by April’s patches; as famous above, 9 of the Edge updates lined on this difficulty are usually not launched with full influence info and comply with a distinct severity schema, and thus seem right here as “unknown” in influence; please see Appendix C 

Notable April updates 

Along with the problems mentioned above, quite a lot of particular gadgets advantage consideration.  

CVE-2025-26642, CVE-2025-27745, CVE-2025-27747, CVE-2025-27748, CVE-2025-27749, CVE-2025-27750, CVE-2025-27751, CVE-2025-2772, CVE-2025-29791, CVE-2025-29816, CVE-2025-29820, CVE-2025-29822 (12 CVEs) – assorted Workplace points 

Workplace takes a heavy patch load this month, and the information is especially not good for customers of Workplace LTSC for Mac 2021 and 2024. All twelve CVEs listed above are relevant to these variations, however the replace isn’t prepared but; affected events are suggested to watch these CVEs for replace availability. Worse, 5 of the twelve (CVE-2025-27745, CVE-2025-27748, CVE-2025-27749, CVE-2025-27752, CVE-2025-29791) embrace the Preview Pane as a vector, elevating 4 of them from Vital to Important severity.  

CVE-2025-26647 — Home windows Kerberos Elevation of Privilege Vulnerability 

An Vital-severity elevation of privilege difficulty, this one seems to hinge on the attacker’s means to compromise a trusted CA (Certificates Authority). If the attacker can accomplish that after which difficulty a certificates with a selected Topic Key Identifier (SKI) worth, they might then use that certificates to connect with the system, finally assuming the identification of any account. This one comes with really helpful mitigations, together with updating of all Home windows machines and area controllers to the patch launched right now, monitoring audit occasions to identify any machine or machine that escapes that replace, and enabling Enforcement Mode as soon as your surroundings now not makes use of certificates issued by authorities not within the NTAuth retailer. CA compromise is after all a longstanding drawback within the ecosystem; with this CVE marked by Microsoft as extra prone to be exploited throughout the subsequent 30 days, it’s price prioritizing in your property. 

CVE-2025-27743 — Microsoft System Heart Elevation of Privilege Vulnerability 

An Vital-severity elevation-of-privilege difficulty, this CVE touches a constellation of System Heart merchandise (Operations Supervisor, Service Supervisor, Orchestrator, Information Safety Supervisor, Digital Machine Supervisor) and impacts clients who re-use current System Heart .exe installer information to deploy new cases of their environments. The issue stems from an untrusted search path in System Heart, which an attacker may, with approved entry and a few facility with DLL hijacking, use to raise their privileges. Microsoft advises affected customers to delete their current installer setup information (.exe) after which obtain the most recent model of their System Heart product (.ZIP). 

CVE-2025-29809 — Home windows Kerberos Safety Characteristic Bypass Vulnerability 

One other difficulty doubtlessly requiring further care from directors, this Vital-severity safety function bypass requires rollback of a earlier coverage. To cite Microsoft’s steerage, “The coverage described in Steerage for blocking rollback of Virtualization-based Safety (VBS) associated safety updates has been up to date to account for the most recent modifications. For those who deployed this coverage, then you definitely’ll must redeploy utilizing the up to date coverage.” 

Additionally, for any readers who missed the announcement, opposite to earlier plans Microsoft shouldn’t be deprecating driver replace synchronization through WSUS (Home windows Server Replace Providers) simply but. These nonetheless counting on the service to do this work (significantly for “disconnected” units) have a reprieve for now, however ought to proceed planning to maneuver to the cloud-based companies Microsoft now prioritizes. 

Determine 3: As distant code execution did final month, elevation of privilege points handed the 100-CVE mark with this month’s Patch Tuesday launch 

Sophos protections 

CVE	Sophos Intercept X/Endpoint IPS	Sophos XGS Firewall
CVE-2025-27482	Exp/2527482-A	Exp/2527482-A
CVE-2025-29792	Exp/2529792-A	Exp/2529792-A
CVE-2025-29812	Exp/2529812-A	Exp/2529812-A
CVE-2025-29812	Exp/2529812-A	Exp/2529812-A

 

As you may each month, in the event you don’t need to wait in your system to drag down Microsoft’s updates itself, you may obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe software to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace package deal in your particular system’s structure and construct quantity. 

Appendix A: Vulnerability Influence and Severity 

This can be a checklist of April patches sorted by influence, then sub-sorted by severity. Every checklist is additional organized by CVE.  

Elevation of Privilege (48 CVEs) 

Vital severity
CVE-2025-20570	Visible Studio Code Elevation of Privilege Vulnerability
CVE-2025-21191	Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-21204	Home windows Course of Activation Elevation of Privilege Vulnerability
CVE-2025-24058	Home windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24060	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24062	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24073	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24074	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-26639	Home windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2025-26640	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-26648	Home windows Kernel Elevation of Privilege Vulnerability
CVE-2025-26649	Home windows Safe Channel Elevation of Privilege Vulnerability
CVE-2025-26665	Home windows upnphost.dll Elevation of Privilege Vulnerability
CVE-2025-26675	Home windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2025-26679	RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2025-26681	Win32k Elevation of Privilege Vulnerability
CVE-2025-26687	Win32k Elevation of Privilege Vulnerability
CVE-2025-26688	Microsoft Digital Exhausting Disk Elevation of Privilege Vulnerability
CVE-2025-27467	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27475	Home windows Replace Stack Elevation of Privilege Vulnerability
CVE-2025-27476	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27478	Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-27483	NTFS Elevation of Privilege Vulnerability
CVE-2025-27484	Home windows Common Plug and Play (UPnP) Machine Host Elevation of Privilege Vulnerability
CVE-2025-27489	Azure Native Elevation of Privilege Vulnerability
CVE-2025-27490	Home windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2025-27492	Home windows Safe Channel Elevation of Privilege Vulnerability
CVE-2025-27727	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-27728	Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2025-27730	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27731	Microsoft OpenSSH for Home windows Elevation of Privilege Vulnerability
CVE-2025-27732	Home windows Graphics Element Elevation of Privilege Vulnerability
CVE-2025-27733	NTFS Elevation of Privilege Vulnerability
CVE-2025-27739	Home windows Kernel Elevation of Privilege Vulnerability
CVE-2025-27740	Energetic Listing Certificates Providers Elevation of Privilege Vulnerability
CVE-2025-27741	NTFS Elevation of Privilege Vulnerability
CVE-2025-27743	Microsoft System Heart Elevation of Privilege Vulnerability
CVE-2025-27744	Microsoft Workplace Elevation of Privilege Vulnerability
CVE-2025-29792	Microsoft Workplace Elevation of Privilege Vulnerability
CVE-2025-29800	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-29801	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-29802	Visible Studio Elevation of Privilege Vulnerability
CVE-2025-29803	Visible Studio Instruments for Purposes and SQL Server Administration Studio Elevation of Privilege Vulnerability
CVE-2025-29804	Visible Studio Elevation of Privilege Vulnerability
CVE-2025-29810	Energetic Listing Area Providers Elevation of Privilege Vulnerability
CVE-2025-29811	Home windows Cellular Broadband Driver Elevation of Privilege Vulnerability
CVE-2025-29812	DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-29824	Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability

 

Distant Code Execution (33 CVEs) 

Important severity
CVE-2025-26663	Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability
CVE-2025-26670	Light-weight Listing Entry Protocol (LDAP) Shopper Distant Code Execution Vulnerability
CVE-2025-26686	Home windows TCP/IP Distant Code Execution Vulnerability
CVE-2025-27480	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-27482	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-27491	Home windows Hyper-V Distant Code Execution Vulnerability
CVE-2025-27745	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27748	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27749	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27752	Microsoft Excel Distant Code Execution Vulnerability
Vital severity
CVE-2025-21205	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-21221	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-21222	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-25000	Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability
CVE-2025-26642	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-26666	Home windows Media Distant Code Execution Vulnerability
CVE-2025-26668	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
CVE-2025-26671	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-26674	Home windows Media Distant Code Execution Vulnerability
CVE-2025-27477	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-27481	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-27487	Distant Desktop Shopper Distant Code Execution Vulnerability
CVE-2025-27729	Home windows Shell Distant Code Execution Vulnerability
CVE-2025-27746	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27747	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-27750	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-27751	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-29791	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-29793	Microsoft SharePoint Distant Code Execution Vulnerability
CVE-2025-29794	Microsoft SharePoint Distant Code Execution Vulnerability
CVE-2025-29815	Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability
CVE-2025-29820	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-29823	Microsoft Excel Distant Code Execution Vulnerability

 

Data Disclosure (18 CVEs) 

Vital severity
CVE-2025-21197	Home windows NTFS Data Disclosure Vulnerability
CVE-2025-21203	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-25002	Azure Native Cluster Data Disclosure Vulnerability
CVE-2025-26628	Azure Native Cluster Data Disclosure Vulnerability
CVE-2025-26664	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26667	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26669	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26672	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26676	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-27474	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-27736	Home windows Energy Dependency Coordinator Data Disclosure Vulnerability
CVE-2025-27738	Home windows Resilient File System (ReFS) Data Disclosure Vulnerability
CVE-2025-27742	NTFS Data Disclosure Vulnerability
CVE-2025-29805	Outlook for Android Data Disclosure Vulnerability
CVE-2025-29808	Home windows Cryptographic Providers Data Disclosure Vulnerability
CVE-2025-29817	Microsoft Energy Automate Desktop Data Disclosure Vulnerability
CVE-2025-29819	Home windows Admin Heart in Azure Portal Data Disclosure Vulnerability
CVE-2025-29821	Microsoft Dynamics Enterprise Central Data Disclosure Vulnerability

 

Denial of Service (14 CVEs) 

Vital severity
CVE-2025-21174	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-26641	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-26651	Home windows Native Session Supervisor (LSM) Denial of Service Vulnerability
CVE-2025-26652	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-26673	Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-26680	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-26682	ASP.NET Core and Visible Studio Denial of Service Vulnerability
CVE-2025-27469	Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-27470	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-27471	Microsoft Streaming Service Denial of Service Vulnerability
CVE-2025-27473	HTTP.sys Denial of Service Vulnerability
CVE-2025-27479	Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
CVE-2025-27485	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-27486	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability

 

Safety Characteristic Bypass (9 CVEs) 

Vital severity
CVE-2025-26635	Home windows Hi there Safety Characteristic Bypass Vulnerability
CVE-2025-26637	BitLocker Safety Characteristic Bypass Vulnerability
CVE-2025-26678	Home windows Defender Software Management Safety Characteristic Bypass Vulnerability
CVE-2025-27472	Home windows Mark of the Net Safety Characteristic Bypass Vulnerability
CVE-2025-27735	Home windows Virtualization-Primarily based Safety (VBS) Safety Characteristic Bypass Vulnerability
CVE-2025-27737	Home windows Safety Zone Mapping Safety Characteristic Bypass Vulnerability
CVE-2025-29809	Home windows Kerberos Safety Characteristic Bypass Vulnerability
CVE-2025-29816	Microsoft Phrase Safety Characteristic Bypass Vulnerability
CVE-2025-29822	Microsoft OneNote Safety Characteristic Bypass Vulnerability

 

Spoofing (4 CVE) 

Vital severity
CVE-2025-26644	Home windows Hi there Spoofing Vulnerability
CVE-2025-26647	Home windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-25001	Microsoft Edge for iOS Spoofing Vulnerability
CVE-2025-29796	Microsoft Edge for iOS Spoofing Vulnerability

 

 

Appendix B: Exploitability and CVSS 

This can be a checklist of the April CVEs judged by Microsoft to be both beneath exploitation within the wild or extra prone to be exploited within the wild throughout the first 30 days post-release. The checklist is additional organized by CVE.  

Exploitation detected
CVE-2025-29824	Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability
Exploitation extra possible throughout the subsequent 30 days
CVE-2025-26663	Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability
CVE-2025-26670	Light-weight Listing Entry Protocol (LDAP) Shopper Distant Code Execution Vulnerability
CVE-2025-27472	Home windows Mark of the Net Safety Characteristic Bypass Vulnerability
CVE-2025-27480	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-27482	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-27727	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-29792	Microsoft Workplace Elevation of Privilege Vulnerability
CVE-2025-29793	Microsoft SharePoint Distant Code Execution Vulnerability
CVE-2025-29794	Microsoft SharePoint Distant Code Execution Vulnerability
CVE-2025-29809	Home windows Kerberos Safety Characteristic Bypass Vulnerability
CVE-2025-29812	DirectX Graphics Kernel Elevation of Privilege Vulnerability

 

This can be a checklist of April’s CVEs with a Microsoft-assessed CVSS Base rating of 8.0 or increased. They’re organized by rating and additional sorted by CVE. For extra info on how CVSS works, please see our sequence on patch prioritization schema. 

CVSS Base	CVSS Temporal	CVE	Title
8.8	7.7	CVE-2025-21205	Home windows Telephony Service Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-21221	Home windows Telephony Service Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-21222	Home windows Telephony Service Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-25000	Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-26669	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
8.8	7.7	CVE-2025-27477	Home windows Telephony Service Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-27481	Home windows Telephony Service Distant Code Execution Vulnerability
8.8	7.7	CVE-2025-27740	Energetic Listing Certificates Providers Elevation of Privilege Vulnerability
8.8	7.7	CVE-2025-29794	Microsoft SharePoint Distant Code Execution Vulnerability
8.6	7.5	CVE-2025-27737	Home windows Safety Zone Mapping Safety Characteristic Bypass Vulnerability
8.4	7.3	CVE-2025-26678	Home windows Defender Software Management Safety Characteristic Bypass Vulnerability
8.1	7.1	CVE-2025-26647	Home windows Kerberos Elevation of Privilege Vulnerability
8.1	7.1	CVE-2025-26663	Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-26670	Light-weight Listing Entry Protocol (LDAP) Shopper Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-26671	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-27480	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
8.1	7.1	CVE-2025-27482	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
8.0	7.0	CVE-2025-27487	Distant Desktop Shopper Distant Code Execution Vulnerability

 

Appendix C: Merchandise Affected 

This can be a checklist of April’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which can be shared amongst a number of product households are listed a number of instances, as soon as for every product household. Points affecting Home windows Server are additional sorted in Appendix E.  

Home windows (89 CVEs) 

Important severity
CVE-2025-26663	Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability
CVE-2025-26670	Light-weight Listing Entry Protocol (LDAP) Shopper Distant Code Execution Vulnerability
CVE-2025-26686	Home windows TCP/IP Distant Code Execution Vulnerability
CVE-2025-27480	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-27482	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-27491	Home windows Hyper-V Distant Code Execution Vulnerability
Vital severity
CVE-2025-21174	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-21191	Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-21197	Home windows NTFS Data Disclosure Vulnerability
CVE-2025-21203	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-21204	Home windows Course of Activation Elevation of Privilege Vulnerability
CVE-2025-21205	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-21221	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-21222	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-24058	Home windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24060	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24062	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24073	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24074	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-26635	Home windows Hi there Safety Characteristic Bypass Vulnerability
CVE-2025-26637	BitLocker Safety Characteristic Bypass Vulnerability
CVE-2025-26639	Home windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2025-26640	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-26641	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-26644	Home windows Hi there Spoofing Vulnerability
CVE-2025-26647	Home windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-26648	Home windows Kernel Elevation of Privilege Vulnerability
CVE-2025-26649	Home windows Safe Channel Elevation of Privilege Vulnerability
CVE-2025-26651	Home windows Native Session Supervisor (LSM) Denial of Service Vulnerability
CVE-2025-26652	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-26664	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26665	Home windows upnphost.dll Elevation of Privilege Vulnerability
CVE-2025-26666	Home windows Media Distant Code Execution Vulnerability
CVE-2025-26667	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26668	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability
CVE-2025-26669	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26671	Home windows Distant Desktop Providers Distant Code Execution Vulnerability
CVE-2025-26672	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26673	Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-26674	Home windows Media Distant Code Execution Vulnerability
CVE-2025-26675	Home windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2025-26676	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-26678	Home windows Defender Software Management Safety Characteristic Bypass Vulnerability
CVE-2025-26679	RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2025-26680	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-26681	Win32k Elevation of Privilege Vulnerability
CVE-2025-26687	Win32k Elevation of Privilege Vulnerability
CVE-2025-26688	Microsoft Digital Exhausting Disk Elevation of Privilege Vulnerability
CVE-2025-27467	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27469	Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-27470	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-27471	Microsoft Streaming Service Denial of Service Vulnerability
CVE-2025-27472	Home windows Mark of the Net Safety Characteristic Bypass Vulnerability
CVE-2025-27473	HTTP.sys Denial of Service Vulnerability
CVE-2025-27474	Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability
CVE-2025-27475	Home windows Replace Stack Elevation of Privilege Vulnerability
CVE-2025-27476	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27477	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-27478	Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-27479	Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
CVE-2025-27481	Home windows Telephony Service Distant Code Execution Vulnerability
CVE-2025-27483	NTFS Elevation of Privilege Vulnerability
CVE-2025-27484	Home windows Common Plug and Play (UPnP) Machine Host Elevation of Privilege Vulnerability
CVE-2025-27485	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-27486	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability
CVE-2025-27487	Distant Desktop Shopper Distant Code Execution Vulnerability
CVE-2025-27490	Home windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2025-27492	Home windows Safe Channel Elevation of Privilege Vulnerability
CVE-2025-27727	Home windows Installer Elevation of Privilege Vulnerability
CVE-2025-27728	Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2025-27729	Home windows Shell Distant Code Execution Vulnerability
CVE-2025-27730	Home windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27731	Microsoft OpenSSH for Home windows Elevation of Privilege Vulnerability
CVE-2025-27732	Home windows Graphics Element Elevation of Privilege Vulnerability
CVE-2025-27733	NTFS Elevation of Privilege Vulnerability
CVE-2025-27735	Home windows Virtualization-Primarily based Safety (VBS) Safety Characteristic Bypass Vulnerability
CVE-2025-27736	Home windows Energy Dependency Coordinator Data Disclosure Vulnerability
CVE-2025-27737	Home windows Safety Zone Mapping Safety Characteristic Bypass Vulnerability
CVE-2025-27738	Home windows Resilient File System (ReFS) Data Disclosure Vulnerability
CVE-2025-27739	Home windows Kernel Elevation of Privilege Vulnerability
CVE-2025-27740	Energetic Listing Certificates Providers Elevation of Privilege Vulnerability
CVE-2025-27741	NTFS Elevation of Privilege Vulnerability
CVE-2025-27742	NTFS Data Disclosure Vulnerability
CVE-2025-29808	Home windows Cryptographic Providers Data Disclosure Vulnerability
CVE-2025-29809	Home windows Kerberos Safety Characteristic Bypass Vulnerability
CVE-2025-29810	Energetic Listing Area Providers Elevation of Privilege Vulnerability
CVE-2025-29811	Home windows Cellular Broadband Driver Elevation of Privilege Vulnerability
CVE-2025-29812	DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-29824	Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability

 

365 (15 CVEs) 

Important severity
CVE-2025-27745	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27748	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27749	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27752	Microsoft Excel Distant Code Execution Vulnerability
Vital severity
CVE-2025-26642	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27746	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27747	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-27750	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-27751	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-29791	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-29792	Microsoft Workplace Elevation of Privilege Vulnerability
CVE-2025-29816	Microsoft Phrase Safety Characteristic Bypass Vulnerability
CVE-2025-29820	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-29822	Microsoft OneNote Safety Characteristic Bypass Vulnerability
CVE-2025-29823	Microsoft Excel Distant Code Execution Vulnerability

 

Workplace (15 CVEs) 

Important severity
CVE-2025-27745	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27748	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27749	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27752	Microsoft Excel Distant Code Execution Vulnerability
Vital severity
CVE-2025-26642	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-26687	Win32k Elevation of Privilege Vulnerability
CVE-2025-27744	Microsoft Workplace Elevation of Privilege Vulnerability
CVE-2025-27746	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27747	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-27750	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-27751	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-29792	Microsoft Workplace Elevation of Privilege Vulnerability
CVE-2025-29816	Microsoft Phrase Safety Characteristic Bypass Vulnerability
CVE-2025-29820	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-29822	Microsoft OneNote Safety Characteristic Bypass Vulnerability

 

Edge (13 CVEs) 

Vital severity
CVE-2025-25000	Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability
CVE-2025-29815	Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability
Low severity
CVE-2025-25001	Microsoft Edge for iOS Spoofing Vulnerability
CVE-2025-29796	Microsoft Edge for iOS Spoofing Vulnerability
Chromium severity schema
Excessive severity
CVE-2025-3066	Chromium: CVE-2025-3066 Use after free in Navigations
Medium severity
CVE-2025-3067	Chromium: CVE-2025-3067 Inappropriate implementation in Customized Tabs
CVE-2025-3068	Chromium: CVE-2025-3068 Inappropriate implementation in Intents
CVE-2025-3069	Chromium: CVE-2025-3069 Inappropriate implementation in Extensions
CVE-2025-3070	Chromium: CVE-2025-3070 Inadequate validation of untrusted enter in Extensions
Low severity
CVE-2025-3071	Chromium: CVE-2025-3071 Inappropriate implementation in Navigations
CVE-2025-3072	Chromium: CVE-2025-3072 Inappropriate implementation in Customized Tabs
CVE-2025-3073	Chromium: CVE-2025-3073 Inappropriate implementation in Autofill
CVE-2025-3074	Chromium: CVE-2025-3074 Inappropriate implementation in Downloads

 

SharePoint (6 CVEs) 

Vital severity
CVE-2025-26642	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27746	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27747	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-29793	Microsoft SharePoint Distant Code Execution Vulnerability
CVE-2025-29794	Microsoft SharePoint Distant Code Execution Vulnerability
CVE-2025-29820	Microsoft Phrase Distant Code Execution Vulnerability

 

Visible Studio (5 CVEs) 

Vital severity
CVE-2025-20570	Visible Studio Code Elevation of Privilege Vulnerability
CVE-2025-26682	ASP.NET Core and Visible Studio Denial of Service Vulnerability
CVE-2025-29802	Visible Studio Elevation of Privilege Vulnerability
CVE-2025-29804	Visible Studio Elevation of Privilege Vulnerability

 

Azure (4 CVEs) 

Vital severity
CVE-2025-25002	Azure Native Cluster Data Disclosure Vulnerability
CVE-2025-26628	Azure Native Cluster Data Disclosure Vulnerability
CVE-2025-27489	Azure Native Elevation of Privilege Vulnerability
CVE-2025-29819	Home windows Admin Heart in Azure Portal Data Disclosure Vulnerability

 

Excel (3 CVEs) 

Vital severity
CVE-2025-26642	Microsoft Workplace Distant Code Execution Vulnerability
CVE-2025-27750	Microsoft Excel Distant Code Execution Vulnerability
CVE-2025-27751	Microsoft Excel Distant Code Execution Vulnerability

 

Microsoft AutoUpdater for Mac (2 CVEs) 

Vital severity
CVE-2025-29800	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-29801	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Phrase (2 CVEs) 

Vital severity
CVE-2025-27747	Microsoft Phrase Distant Code Execution Vulnerability
CVE-2025-29816	Microsoft Phrase Safety Characteristic Bypass Vulnerability

Entry (1 CVE) 

Vital severity
CVE-2025-26642	Microsoft Workplace Distant Code Execution Vulnerability

 

ASP.NET (1 CVE) 

Vital severity
CVE-2025-26682	ASP.NET Core and Visible Studio Denial of Service Vulnerability

 

Dynamics 365 (1 CVE) 

Vital severity
CVE-2025-29821	Microsoft Dynamics Enterprise Central Data Disclosure Vulnerability

 

OneNote (1 CVE) 

Vital severity
CVE-2025-29822	Microsoft OneNote Safety Characteristic Bypass Vulnerability

 

Outlook for Android (1 CVE) 

Vital severity
CVE-2025-29805	Outlook for Android Data Disclosure Vulnerability

 

Energy Automate Desktop (1 CVE) 

Vital severity
CVE-2025-29817	Microsoft Energy Automate Desktop Data Disclosure Vulnerability

 

SQL Server (1 CVE) 

Vital severity
CVE-2025-29803	Visible Studio Instruments for Purposes and SQL Server Administration Studio Elevation of Privilege Vulnerability

 

System Heart (1 CVE) 

Vital severity
CVE-2025-27743	Microsoft System Heart Elevation of Privilege Vulnerability

 

VSTA (1 CVE) 

Vital severity
CVE-2025-29803	Visible Studio Instruments for Purposes and SQL Server Administration Studio Elevation of Privilege Vulnerability

 

Appendix D: Advisories and Different Merchandise 

There are 16 Adobe advisories on this month’s launch. 

CVE-2025-24446	APSB25-15	Improper Enter Validation
CVE-2025-24447	APSB25-15	Deserialization of Untrusted Information
CVE-2025-30281	APSB25-15	Improper Entry Management
CVE-2025-30282	APSB25-15	Improper Authentication
CVE-2025-30283	APSB25-15	Improper Enter Validation
CVE-2025-30284	APSB25-15	Deserialization of Untrusted Information
CVE-2025-30285	APSB25-15	Deserialization of Untrusted Information
CVE-2025-30286	APSB25-15	Improper Neutralization of Particular Parts utilized in an OS Command (‘OS Command Injection’)
CVE-2025-30287	APSB25-15	Improper Authentication
CVE-2025-30288	APSB25-15	Improper Entry Management
CVE-2025-30289	APSB25-15	Improper Neutralization of Particular Parts utilized in an OS Command (‘OS Command Injection’)
CVE-2025-30290	APSB25-15	Improper Limitation of a Pathname to a Restricted Listing (‘Path Traversal’)
CVE-2025-30291	APSB25-15	Data Publicity
CVE-2025-30292	APSB25-15	Cross-site Scripting (Mirrored XSS)
CVE-2025-30293	APSB25-15	Improper Enter Validation
CVE-2025-30294	APSB25-15	Improper Enter Validation

 

Appendix E: Affected Home windows Server variations 

This can be a desk of the CVEs within the April launch affecting 9 Home windows Server variations, 2008 by way of 2025. The desk differentiates amongst main variations of the platform however doesn’t go into deeper element (eg., Server Core). Important-severity points are marked in purple; an “x” signifies that the CVE doesn’t apply to that model. Directors are inspired to make use of this appendix as a place to begin to determine their particular publicity, as every reader’s state of affairs, particularly because it issues merchandise out of mainstream help, will fluctuate. For particular Information Base numbers, please seek the advice of Microsoft. Please be aware that CVE-2025-27475 is a client-only Home windows difficulty and thus seems on this chart, however with no server variations marked. 

	2008	2008-R2	2012	2012-R2	2016	2019	2022	2022 23H2	2025
CVE-2025-21174	×	×	×	■	■	■	■	×	■
CVE-2025-21191	■	■	■	■	■	■	■	■	■
CVE-2025-21197	■	■	■	■	■	■	■	■	■
CVE-2025-21203	■	■	■	■	■	■	■	■	■
CVE-2025-21204	■	■	■	■	■	■	■	■	■
CVE-2025-21205	■	■	■	■	■	■	■	■	■
CVE-2025-21221	■	■	■	■	■	■	■	■	■
CVE-2025-21222	■	■	■	■	■	■	■	■	■
CVE-2025-24058	×	×	×	×	×	■	■	■	■
CVE-2025-24060	×	×	×	×	×	■	■	■	■
CVE-2025-24062	×	×	×	×	×	×	■	■	■
CVE-2025-24073	×	×	×	×	■	■	■	■	■
CVE-2025-24074	×	×	×	×	×	■	■	■	■
CVE-2025-26635	×	×	×	×	×	■	■	■	×
CVE-2025-26637	×	×	×	■	■	■	■	■	■
CVE-2025-26639	×	×	×	×	×	×	■	■	■
CVE-2025-26640	×	×	×	×	×	■	×	■	■
CVE-2025-26641	■	■	■	■	■	■	■	■	■
CVE-2025-26644	×	×	×	×	×	■	×	×	■
CVE-2025-26647	■	■	■	■	■	■	■	■	■
CVE-2025-26648	×	■	■	■	■	■	■	■	■
CVE-2025-26649	×	×	×	×	×	×	■	■	■
CVE-2025-26651	×	×	×	×	×	×	■	■	■
CVE-2025-26652	×	×	×	■	■	■	■	×	■
CVE-2025-26663	■	■	■	■	■	■	■	■	■
CVE-2025-26664	■	■	■	■	■	■	■	■	■
CVE-2025-26665	■	■	■	■	■	■	■	■	■
CVE-2025-26666	×	×	×	×	×	■	■	■	■
CVE-2025-26667	■	■	■	■	■	■	■	■	■
CVE-2025-26668	■	■	■	■	■	■	■	■	■
CVE-2025-26669	■	■	■	■	■	■	■	■	■
CVE-2025-26670	■	■	■	■	■	■	■	■	■
CVE-2025-26671	×	■	■	■	■	■	■	■	■
CVE-2025-26672	■	■	■	■	■	■	■	■	■
CVE-2025-26673	■	■	■	■	■	■	■	■	■
CVE-2025-26674	×	×	×	×	×	■	■	■	■
CVE-2025-26675	×	×	×	×	×	×	■	■	■
CVE-2025-26676	■	■	■	■	■	■	■	■	■
CVE-2025-26678	×	×	×	×	×	■	■	■	■
CVE-2025-26679	■	■	■	■	■	■	■	■	■
CVE-2025-26680	×	×	×	■	■	■	■	×	■
CVE-2025-26681	×	×	×	×	×	×	■	■	■
CVE-2025-26686	■	■	■	■	■	■	■	■	■
CVE-2025-26687	■	■	■	■	■	■	■	■	■
CVE-2025-26688	×	×	■	■	■	■	■	■	■
CVE-2025-27467	×	×	×	×	×	■	×	■	■
CVE-2025-27469	■	■	■	■	■	■	■	■	■
CVE-2025-27470	×	×	×	■	■	■	■	×	■
CVE-2025-27471	■	■	■	■	■	■	■	■	■
CVE-2025-27472	×	×	■	■	×	×	×	×	×
CVE-2025-27473	■	■	■	■	■	■	■	■	■
CVE-2025-27474	■	■	■	■	■	■	■	■	■
CVE-2025-27475	×	×	×	×	×	×	×	×	×
CVE-2025-27476	×	×	×	×	×	■	×	■	■
CVE-2025-27477	■	■	■	■	■	■	■	■	■
CVE-2025-27478	■	■	■	■	■	■	■	■	■
CVE-2025-27479	×	×	■	■	■	■	■	■	■
CVE-2025-27480	×	×	■	■	■	■	■	■	■
CVE-2025-27481	■	■	■	■	■	■	■	■	■
CVE-2025-27482	×	×	×	×	■	■	■	■	■
CVE-2025-27483	×	×	×	■	■	■	×	×	×
CVE-2025-27484	■	■	■	■	■	■	■	■	■
CVE-2025-27485	×	×	×	■	■	■	■	×	■
CVE-2025-27486	×	×	×	■	■	■	■	×	■
CVE-2025-27487	×	■	■	■	■	■	■	■	■
CVE-2025-27490	×	×	×	×	×	×	■	■	■
CVE-2025-27491	×	×	×	×	■	■	■	■	■
CVE-2025-27492	×	×	×	×	×	×	■	■	■
CVE-2025-27727	■	■	■	■	■	■	■	■	■
CVE-2025-27728	×	×	×	×	×	×	×	×	■
CVE-2025-27729	×	×	×	×	×	×	×	×	■
CVE-2025-27730	×	×	×	×	×	■	×	■	■
CVE-2025-27731	×	×	×	×	×	■	■	■	■
CVE-2025-27732	■	■	■	■	■	■	■	■	■
CVE-2025-27733	■	■	■	■	■	■	×	×	×
CVE-2025-27735	×	×	×	×	■	■	■	■	■
CVE-2025-27736	×	×	×	×	■	■	■	■	■
CVE-2025-27737	■	■	■	■	■	■	■	■	■
CVE-2025-27738	×	×	■	■	■	■	■	■	■
CVE-2025-27739	×	×	×	×	×	■	■	■	■
CVE-2025-27740	■	■	■	■	■	■	■	■	■
CVE-2025-27741	■	■	■	■	■	×	×	×	×
CVE-2025-27742	■	■	■	■	■	■	■	■	■
CVE-2025-29808	×	×	×	×	×	×	■	×	×
CVE-2025-29809	×	×	×	×	■	■	■	■	■
CVE-2025-29810	■	■	■	■	■	■	■	■	■
CVE-2025-29811	×	×	×	×	×	×	×	■	■
CVE-2025-29812	×	×	×	×	×	×	■	■	■
CVE-2025-29824	■	■	■	■	■	■	■	■	■