OnlyFm252
Patch Tuesday Archive

Patch Tuesday May 2025

Total CVEs

79

Critical

11

Important

67

Exploited

5

Publicly Disclosed

2

All CVEs this month 79

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2025-29813 Azure DevOps Server Elevation of Privilege Vulnerability Critical 10 Azure DevOps - -
CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability Critical 9.9 Azure Automation - -
CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Critical 7.7 Windows Virtual Machine Bus - -
CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 Windows Remote Desktop - -
CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 Remote Desktop Gateway Service - -
CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability Critical 9.9 Azure Storage Resource Provider - -
CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 Microsoft Office - -
CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 Microsoft Office - -
CVE-2025-33072 Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability Critical 8.1 Azure - -
CVE-2025-47732 Microsoft Dataverse Remote Code Execution Vulnerability Critical 8.7 Microsoft Dataverse - -
CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability Critical 9.1 Microsoft Power Apps - -
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability Important 7.1 Visual Studio Code - -
CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability Important 8 .NET, Visual Studio, and Build Tools for Visual Studio - -
CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Important 7.5 Remote Desktop Gateway Service - -
CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability Important 6.7 Microsoft Defender for Endpoint - -
CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability Important 6.5 Microsoft Defender for Identity - Yes
CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7 Windows Secure Kernel Mode - -
CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability Important 6.7 Windows Hardware Lab Kit - -
CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability Important 7.3 Microsoft Dataverse - -
CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Important 5.5 Windows Trusted Runtime Interface Driver - -
CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability Important 7.5 Remote Desktop Gateway Service - -
CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29837 Windows Installer Information Disclosure Vulnerability Important 5.5 Windows Installer - -
CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability Important 7.4 Windows Drivers - -
CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability Important 4 Windows File Server - -
CVE-2025-29840 Windows Media Remote Code Execution Vulnerability Important 8.8 Windows Media - -
CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability Important 7 Universal Print Management Service - -
CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability Important 7.5 UrlMon - -
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 5.9 Windows LDAP - Lightweight Directory Access Protocol - -
CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability Important 6.2 Role: Windows Hyper-V - -
CVE-2025-29956 Windows SMB Information Disclosure Vulnerability Important 5.4 Windows SMB - -
CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability Important 6.2 Windows Deployment Services - -
CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-29962 Windows Media Remote Code Execution Vulnerability Important 8.8 Windows Media - -
CVE-2025-29963 Windows Media Remote Code Execution Vulnerability Important 8.8 Windows Media - -
CVE-2025-29964 Windows Media Remote Code Execution Vulnerability Important 8.8 Windows Media - -
CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Important 6.5 Active Directory Certificate Services (AD CS) - -
CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability Important 7.5 Windows Fundamentals - -
CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 Microsoft Brokering File System - -
CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability Important 7.5 Web Threat Defense (WTD.sys) - -
CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability Important 7 Azure File Sync - -
CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability Important 5.7 Windows Kernel - -
CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 Microsoft PC Manager - -
CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important 7.8 Microsoft Office SharePoint - -
CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability Important 7.8 Microsoft Office PowerPoint - -
CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7 Microsoft Office SharePoint - -
CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.8 Microsoft Office SharePoint - -
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.4 Microsoft Office SharePoint - -
CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 Windows Common Log File System Driver - -
CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability Important 9.8 Azure - -
CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability Important 7.8 Windows Win32K - GRFX - -
CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Important 5.9 Remote Desktop Gateway Service - -
CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability Important 7.5 Microsoft Scripting Engine Yes -
CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Yes -
CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 Windows Common Log File System Driver Yes -
CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability Important 7.8 Visual Studio - Yes
CVE-2025-32703 Visual Studio Information Disclosure Vulnerability Important 5.5 Visual Studio - -
CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability Important 8.4 Microsoft Office Excel - -
CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability Important 7.8 Microsoft Office Outlook - -
CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 Windows Common Log File System Driver Yes -
CVE-2025-32707 NTFS Elevation of Privilege Vulnerability Important 7.8 Windows NTFS - -
CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 Windows Ancillary Function Driver for WinSock Yes -
CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability Important 7.8 - -
CVE-2025-29825 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 6.5 Microsoft Edge (Chromium-based) - -

    Threat Categories 6

    Threat Category CVEs Critical
    Remote Code Execution 29 6
    Elevation of Privilege 21 2
    Information Disclosure 16 2
    Denial of Service 7 -
    Spoofing 4 1
    Security Feature Bypass 2 -

    Affected Products 48

    Product CVEs Exploited
    Microsoft Office Excel 9 -
    Windows Routing and Remote Access Service (RRAS) 8 -
    Remote Desktop Gateway Service 4 -
    Windows Media 4 -
    Microsoft Office SharePoint 4 -
    Windows Common Log File System Driver 3 2
    Microsoft Office 2 -
    Azure 2 -
    Microsoft Dataverse 2 -
    Windows Kernel 2 -
    Visual Studio 2 -
    Azure DevOps 1 -
    Azure Automation 1 -
    Windows Virtual Machine Bus 1 -
    Windows Remote Desktop 1 -
    Azure Storage Resource Provider 1 -
    Microsoft Power Apps 1 -
    Visual Studio Code 1 -
    .NET, Visual Studio, and Build Tools for Visual Studio 1 -
    Microsoft Defender for Endpoint 1 -
    Microsoft Defender for Identity 1 -
    Windows Secure Kernel Mode 1 -
    Windows Hardware Lab Kit 1 -
    Windows Trusted Runtime Interface Driver 1 -
    Windows Installer 1 -
    Windows Drivers 1 -
    Windows File Server 1 -
    Universal Print Management Service 1 -
    UrlMon 1 -
    Windows LDAP - Lightweight Directory Access Protocol 1 -
    Role: Windows Hyper-V 1 -
    Windows SMB 1 -
    Windows Deployment Services 1 -
    Active Directory Certificate Services (AD CS) 1 -
    Windows Fundamentals 1 -
    Microsoft Brokering File System 1 -
    Web Threat Defense (WTD.sys) 1 -
    Azure File Sync 1 -
    Microsoft PC Manager 1 -
    Microsoft Office PowerPoint 1 -
    Windows Win32K - GRFX 1 -
    Microsoft Scripting Engine 1 1
    Windows DWM 1 1
    Microsoft Office Outlook 1 -
    Windows NTFS 1 -
    Windows Ancillary Function Driver for WinSock 1 1
    Other 1 -
    Microsoft Edge (Chromium-based) 1 -