Microsoft Patch Tuesday for May 2025 included five actively exploited zero days and another eight vulnerabilities judged to be at high risk of attack.
Microsoft Patch Tuesday May 2025 included fixes for 78 Microsoft vulnerabilities in all – six of which were reported and fixed last week – and an additional five Chromium-based Microsoft Edge vulnerabilities.
The vulnerabilities reported earlier included critical Azure vulnerabilities rated as high as 10.0 that have already been fixed by Microsoft.
Microsoft Patch Tuesday May 2025: Zero Day Vulnerabilities
The five zero days were also added to CISA’s Known Exploited Vulnerabilities catalog. They included:
CVE-2025-30397, a 7.5-severity Scripting Engine Memory Corruption Vulnerability that requires some effort to exploit. The Type Confusion vulnerability in Microsoft Scripting Engine could allow an unauthorized attacker to execute code over a network, but the attack would need to prepare the target so that it uses Edge in Internet Explorer Mode. The vulnerability also requires an authenticated client to click on a specially crafted URL so an unauthenticated attacker can initiate remote code execution.
CVE-2025-30400, a 7.8-rated Microsoft DWM Core Library Elevation of Privilege/Use After Free Vulnerability with low attack complexity that could allow an attacker to gain SYSTEM privileges.
CVE-2025-32701, 7.8-severity Windows Common Log File System Driver Elevation of Privilege Vulnerability. This low attack complexity User After Free vulnerability could allow an attacker to gain SYSTEM privileges.
CVE-2025-32706, a 7.8-rated Windows Common Log File System Driver Elevation of Privilege Vulnerability. This Improper Input Validation vulnerability requires low attack complexity and could allow an attacker to gain SYSTEM privileges.
CVE-2025-32709, a 7.8-severity Windows Ancillary Function Driver for WinSock Elevation of Privilege/Use After Free Vulnerability with low attack complexity that could allow an attacker to gain administrative privileges.
Critical Azure Vulnerabilities
Six vulnerabilities were reported early, on May 8, and have already been fully mitigated by Microsoft. Among the vulnerabilities were:
- CVE-2025-29813, a 10.0-rated Azure DevOps Server Elevation of Privilege Vulnerability
- CVE-2025-29827, a 9.9-rated Azure Automation Elevation of Privilege Vulnerability
- CVE-2025-29972, a 9.9-severity Azure Storage Resource Provider Spoofing Vulnerability
- CVE-2025-47733, a 9.1-severity Microsoft Power Apps Information Disclosure Vulnerability
- CVE-2025-47732, an 8.7-rated Microsoft Dataverse Remote Code Execution Vulnerability
High-Risk Vulnerabilities
Microsoft judged the following eight vulnerabilities as “exploitation more likely.” They range in severity from 7.0 to 8.4.
- CVE-2025-30386: Microsoft Office Remote Code Execution Vulnerability (8.4 severity)
- CVE-2025-24063: Kernel Streaming Service Driver Elevation of Privilege Vulnerability (7.8 severity)
- CVE-2025-29976: Microsoft SharePoint Server Elevation of Privilege Vulnerability (7.8)
- CVE-2025-30382: Microsoft SharePoint Server Remote Code Execution Vulnerability (7.8)
- CVE-2025-30385: Windows Common Log File System Driver Elevation of Privilege Vulnerability (7.8)
- CVE-2025-30388: Windows Graphics Component Remote Code Execution Vulnerability (7.8)
- CVE-2025-29971: Web Threat Defense (WTD.sys) Denial of Service Vulnerability (7.5)
- CVE-2025-29841: Universal Print Management Service Elevation of Privilege Vulnerability (7.0)
Other Vendors Releasing Updates
Other vendors releasing May 2025 Patch Tuesday fixes included:
