Advisory

Microsoft releases May 2025 Patch Tuesday updates addressing 72 vulnerabilities

Take action: This month prioritize updating Windows OS patching, Microsoft Defender, Visual Studio and Microsoft office. All these havee actively exploited flaws. Then move on to Azure Devops and Powerapps, they carry critical flaws which will probably be next in line to be attacked. Don't delay on the Windows update, there are actively exploited flaws.

Learn More

Microsoft has released its May 2025 Patch Tuesday security updates, addressing a total of 72 vulnerabilities across its product ecosystem. This update includes patches for five actively exploited zero-day vulnerabilities and two publicly disclosed zero-day flaws.

Actively Exploited Zero-Day Vulnerabilities

  • CVE-2025-30400 - Microres tricking authenticated users into clicking specially crafted links in Edge or Internet Explorer

Microsoft has not provided specific details on how these vulnerabilities were exploited in real-world attacks.

Two publicly disclosed zero-day vulnerabilities have also been patched:

  • CVE-2025-26685 - Microsoft Defender for Identity Spoofing Vulnerability. Allows unauthenticated attackers with LAN access to spoof another account due to improper authentication
  • CVE-2025-32702 - Visual Studio Remote Code Execution Vulnerability. Enables unauthenticated attackers to execute code locally through command injection

Critical flaws

  • CVE-2025-33072 - Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
  • CVE-2025-29827 - Azure Automation Elevation of Privilege Vulnerability
  • CVE-2025-29813 - Azure DevOps Server Elevation of Privilege Vulnerability
  • CVE-2025-29972 - Azure Storage Resource Provider Spoofing Vulnerability
  • CVE-2025-47732 - Microsoft Dataverse Remote Code Execution Vulnerability
  • CVE-2025-30377 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2025-30386 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2025-47733 - Microsoft Power Apps Information Disclosure Vulnerability
  • CVE-2025-29967 - Remote Desktop Client Remote Code Execution Vulnerability
  • CVE-2025-29966 - Remote Desktop Client Remote Code Execution Vulnerability
  • CVE-2025-29833 - Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

The May 2025 Patch Tuesday addresses vulnerabilities across multiple severity levels and categories:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 15 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

Full list of fixes

TagCVE IDCVE TitleSeverity
.NET, Visual Studio, and Build Tools for Visual StudioCVE-2025-26646.NET, Visual Studio, and Build Tools for Visual Studio Spoofing VulnerabilityImportant
Active Directory Certificate Services (AD CS)CVE-2025-29968Active Directory Certificate Services (AD CS) Denial of Service VulnerabilityImportant
AzureCVE-2025-33072Microsoft msagsfeedback.azurewebsites.net Information Disclosure VulnerabilityCritical
AzureCVE-2025-30387Document Intelligence Studio On-Prem Elevation of Privilege VulnerabilityImportant
Azure AutomationCVE-2025-29827Azure Automation Elevation of Privilege VulnerabilityCritical
Azure DevOpsCVE-2025-29813Azure DevOps Server Elevation of Privilege VulnerabilityCritical
Azure File SyncCVE-2025-29973Microsoft Azure File Sync Elevation of Privilege VulnerabilityImportant
Azure Storage Resource ProviderCVE-2025-29972Azure Storage Resource Provider Spoofing VulnerabilityCritical
Microsoft Brokering File SystemCVE-2025-29970Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft DataverseCVE-2025-47732Microsoft Dataverse Remote Code Execution VulnerabilityCritical
Microsoft DataverseCVE-2025-29826Microsoft Dataverse Elevation of Privilege VulnerabilityImportant
Microsoft Defender for EndpointCVE-2025-26684Microsoft Defender Elevation of Privilege VulnerabilityImportant
Microsoft Defender for IdentityCVE-2025-26685Microsoft Defender for Identity Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-4050Chromium: CVE-2025-4050 Out of bounds memory access in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2025-4096Chromium: CVE-2025-4096 Heap buffer overflow in HTMLUnknown
Microsoft Edge (Chromium-based)CVE-2025-29825Microsoft Edge (Chromium-based) Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-4052Chromium: CVE-2025-4052 Inappropriate implementation in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2025-4051Chromium: CVE-2025-4051 Insufficient data validation in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2025-4372Chromium: CVE-2025-4372 Use after free in WebAudioUnknown
Microsoft OfficeCVE-2025-30377Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-30386Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-29977Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-30383Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-29979Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-30376Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-30393Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-32704Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-30375Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-30379Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-30381Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2025-32705Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2025-29978Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-30378Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-30382Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-30384Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29976Microsoft SharePoint Server Elevation of Privilege VulnerabilityImportant
Microsoft PC ManagerCVE-2025-29975Microsoft PC Manager Elevation of Privilege VulnerabilityImportant
Microsoft Power AppsCVE-2025-47733Microsoft Power Apps Information Disclosure VulnerabilityCritical
Microsoft Scripting EngineCVE-2025-30397Scripting Engine Memory Corruption VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-26677Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-29967Remote Desktop Client Remote Code Execution VulnerabilityCritical
Remote Desktop Gateway ServiceCVE-2025-29831Windows Remote Desktop Services Remote Code Execution VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-30394Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-29955Windows Hyper-V Denial of Service VulnerabilityImportant
Universal Print Management ServiceCVE-2025-29841Universal Print Management Service Elevation of Privilege VulnerabilityImportant
UrlMonCVE-2025-29842UrlMon Security Feature Bypass VulnerabilityImportant
Visual StudioCVE-2025-32703Visual Studio Information Disclosure VulnerabilityImportant
Visual StudioCVE-2025-32702Visual Studio Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2025-21264Visual Studio Code Security Feature Bypass VulnerabilityImportant
Web Threat Defense (WTD.sys)CVE-2025-29971Web Threat Defense (WTD.sys) Denial of Service VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-32709Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-32701Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-30385Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-32706Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Deployment ServicesCVE-2025-29957Windows Deployment Services Denial of Service VulnerabilityImportant
Windows DriversCVE-2025-29838Windows ExecutionContext Driver Elevation of Privilege VulnerabilityImportant
Windows DWMCVE-2025-30400Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows File ServerCVE-2025-29839Windows Multiple UNC Provider Driver Information Disclosure VulnerabilityImportant
Windows FundamentalsCVE-2025-29969MS-EVEN RPC Remote Code Execution VulnerabilityImportant
Windows Hardware Lab KitCVE-2025-27488Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2025-29837Windows Installer Information Disclosure VulnerabilityImportant
Windows KernelCVE-2025-24063Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-29974Windows Kernel Information Disclosure VulnerabilityImportant
Windows LDAP - Lightweight Directory Access ProtocolCVE-2025-29954Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows MediaCVE-2025-29962Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-29963Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-29964Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-29840Windows Media Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2025-32707NTFS Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2025-29966Remote Desktop Client Remote Code Execution VulnerabilityCritical
Windows Routing and Remote Access Service (RRAS)CVE-2025-29836Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29959Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29835Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29960Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29832Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29830Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29961Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-29958Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Secure Kernel ModeCVE-2025-27468Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows SMBCVE-2025-29956Windows SMB Information Disclosure VulnerabilityImportant
Windows Trusted Runtime Interface DriverCVE-2025-29829Windows Trusted Runtime Interface Driver Information Disclosure VulnerabilityImportant
Windows Virtual Machine BusCVE-2025-29833Microsoft Virtual Machine Bus (VMBus) Remote Code Execution VulnerabilityCritical
Windows Win32K - GRFXCVE-2025-30388Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft releases May 2025 Patch Tuesday updates addressing 72 vulnerabilities
Read More
Google releases urgent patch to Chrome, fixing two …
Google patches actively exploited Chrome vulnerability
Microsoft November 2025 Patch Tuesday fixes one exploited …
Google patches another actively exploited flaw in Chrome
Google releases April 2025 Android security update, patching …