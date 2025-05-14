Microsoft on Tuesday released 71 patches affecting 14 product families. Six of the addressed issues, five involving remote code execution and one permitting information disclosure (including PII, Personally Identifiable Information), are considered by Microsoft to be of Critical severity, and 12 have a CVSS base score of 8.0 or higher. Five, all Important-severity issues in Windows, are known to be under active exploit in the wild.

At patch time, nine additional CVEs are more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, eight Important-severity Adobe Reader issues affecting ColdFusion are covered in the release. Those are listed in Appendix D below. That appendix also contains information on eight Edge-related vulnerabilities and seven affecting Azure, Dataverse, or Power Apps. Though several of the non-Edge issues are exciting, with CVSS Base scores over 9.0 (a “perfect” 10, in one case), Microsoft’s released information indicates that all have been patched in recent days – in other words, the information provided is strictly FYI.

We are as always including at the end of this post appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family; an appendix covering the advisory-style updates; and a breakout of the patches affecting the various Windows Server platforms still in support.

By the numbers

Total CVEs: 71

Publicly disclosed: 2

Exploit detected: 5

Severity Critical: 6 Important: 65

Impact: Remote Code Execution: 28 Elevation of Privilege: 17 Information Disclosure: 15 Denial of Service: 7 Security Feature Bypass: 2 Spoofing: 2

CVSS base score 9.0 or greater: 1*

CVSS base score 8.0 or greater: 11

* A number of advisory-only issues this month, affecting Azure, Dataverse, and Power Apps but patched by Microsoft prior to the May release, have been assigned significant CVSS scores. Please see Appendix D for details.

Figure 1: Remote code execution returns to the top of the charts for May’s Patch Tuesday. Note the unusual Critical-severity information-disclosure issue. This occurs in Nuance PowerScribe 360, a product from the medical sphere – ask your local radiologist for details. (Eight Edge updates covered this month are not released with full impact information and thus do not appear in this chart)

Products

Windows: 43

Office: 14

365: 13

Excel: 7

SharePoint: 4

Visual Studio: 4

RDP Client: 2

.NET: 1

Azure: 1

Dataverse: 1

Defender: 1

Nuance PowerScribe 360: 1

PC Manager: 1

Windows HLK: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. It should be noted, by the way, that CVE names in May don’t always reflect affected product families closely. In particular, some CVEs names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa.

Figure 2: Fourteen product families figure in May’s Patch Tuesday release. This month, we return to separating Edge / Chromium issues from the pack; those are covered in Appendix D, as are some advisory and information-only but interesting issues affecting Azure, Dataverse, and Power Apps

Notable May updates

In addition to the issues discussed above, a variety of specific items merit attention.

CVE-2025-30385, CVE-2025-30701, CVE-2025-32706 — Windows Common Log File System Driver Elevation of Privilege Vulnerability

CLFS problems account for two of the five vulnerabilities currently known to be under attack in the wild, and the other one (CVE-2025-30385) is expected to see action within the next 30 days. The logging system has taken a high number of patches in the past few years, including recently seen abuse by both Play and PipeMagic malware of CVE-2025-29824, which was patched last month. Microsoft’s known to be spinning up a new verification step for parsing CLFS log files, but in the meantime, the system’s giving RDP a run for its money as a source of administrator grief.

CVE-2025-30377, CVE-2025-30386 — Microsoft Office Remote Code Execution Vulnerability

Both of these vulnerabilities can be triggered via Preview Pane. If it were a competition CVE-2025-30386 would have the slight edge, as Microsoft finds that in the worst case, in their words, “an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link.” Both vulnerabilities apply to 365 as well as Office.

CVE-2025-27488 — Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

An Important-class issue, this bug affects the Windows Hardware Kit Lab, which is a framework for testing hardware devices and drivers for certain editions of Windows; multiple versions of the entire kit likewise take an update this month. That’s good, as the problem itself lies in certain third-party infrastructure within the kit using a hard-coded password (!).

CVE-2025-30384 — Microsoft SharePoint Server Remote Code Execution Vulnerability

An Important-severity issue requiring the attacker to prepare the target ahead of time, the finder credited for this item is “zcgonvh’s cat Vanilla.” We admit to some curiosity about how Vanilla caught this bug; did they use… a mouse?

Figure 3: RCE and EoP issues continue to dominate the charts in 2025

Sophos protections

CVE Sophos Intercept X/Endpoint IPS Sophos XGS Firewall CVE-2025-24063 Exp/2524063-A Exp/2524063-A CVE-2025-29971 Exp/2529971-A Exp/2529971-A CVE-2025-30377 sid:2310992 sid:2310992 CVE-2025-30386 sid:2310976 sid:2310976 CVE-2025-30388 sid:2310990 sid:2310990 CVE-2025-30397 Exp/2530397-A Exp/2530397-A CVE-2025-30400 Exp/2530400-A Exp/2530400-A CVE-2025-32701 Exp/2532701-A Exp/2532701-A CVE-2025-32706 Exp/2532706-A Exp/2532706-A CVE-2025-32709 Exp/2532709-A Exp/2532709-A

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of May patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (28 CVEs)

Critical severity CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability Important severity CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability CVE-2025-29840 Windows Media Remote Code Execution Vulnerability CVE-2025-29962 Windows Media Remote Code Execution Vulnerability CVE-2025-29963 Windows Media Remote Code Execution Vulnerability CVE-2025-29964 Windows Media Remote Code Execution Vulnerability CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability

Elevation of Privilege (17 CVEs)

Important severity CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability CVE-2025-29838 Windows Execution Context Driver Elevation of Privilege Vulnerability CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-30387 Document Intelligence Studio On-Prem Information Disclosure Vulnerability CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32707 NTFS Elevation of Privilege Vulnerability CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Information Disclosure (15 CVEs)

Critical severity CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability Important severity CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29837 Windows Installer Information Disclosure Vulnerability CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability CVE-2025-29956 Windows SMB Information Disclosure Vulnerability CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability CVE-2025-32703 Visual Studio Information Disclosure Vulnerability

Denial of Service (7 CVEs)

Important severity CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Security Feature Bypass (2 CVEs)

Important severity CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability

Spoofing (2 CVEs)

Important severity CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability

Appendix B: Exploitability and CVSS

This is a list of the May CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is further arranged by CVE. Interestingly, 28 of this month’s vulnerabilities have been marked in Microsoft’s release materials as “exploitation unlikely” – a category far less commonly assigned by the company in the past.

Exploitation detected CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Exploitation more likely within the next 30 days CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

This is a list of May’s CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema. For a look at the CVSS scores for certain products covered in this month’s advisories, please see Appendix D.

CVSS Base CVSS Temporal CVE Title 9.8 8.5 CVE-2025-30387 Document Intelligence Studio On-Prem Information Disclosure Vulnerability 8.8 7.7 CVE-2025-29840 Windows Media Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-29962 Windows Media Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-29963 Windows Media Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-29964 Windows Media Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability 8.1 7.1 CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability 8.0 7.0 CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Appendix C: Products Affected

This is a list of May’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Certain significant issues for which advisories have been issued are covered in Appendix D, and issues affecting Windows Server are further sorted in Appendix E. All CVE titles are accurate as made available by Microsoft; for further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.

Windows (43 CVEs)

Critical severity CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability Important severity CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29837 Windows Installer Information Disclosure Vulnerability CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability CVE-2025-29840 Windows Media Remote Code Execution Vulnerability CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability CVE-2025-29956 Windows SMB Information Disclosure Vulnerability CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-29962 Windows Media Remote Code Execution Vulnerability CVE-2025-29963 Windows Media Remote Code Execution Vulnerability CVE-2025-29964 Windows Media Remote Code Execution Vulnerability CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32707 NTFS Elevation of Privilege Vulnerability CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Office (14 CVEs)

Critical severity CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability Important severity CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability

365 (13 CVEs)

Critical severity CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability Important severity CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability

Excel (7 CVEs)

Important severity CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability

SharePoint (4 CVEs)

Important severity CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability

Visual Studio (4 CVEs)

Important severity CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability CVE-2025-32703 Visual Studio Information Disclosure Vulnerability

RDP Client (2 CVEs)

Critical severity CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability

.NET (1 CVE)

Important severity CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Azure (1 CVE)

Important severity CVE-2025-30387 Document Intelligence Studio On-Prem Information Disclosure Vulnerability

Dataverse (1 CVE)

Important severity CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability

Defender (1 CVE)

Important severity CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability

Nuance PowerScribe 360 (1 CVE)

Critical severity CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

PC Manager (1 CVE)

Important severity CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability

Windows HLK (1 CVE)

Important severity CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

Appendix D: Advisories and Other Products

There are 8 Adobe advisories in this month’s release.

CVE-2025-43559 APSB25-52 Improper Input Validation (CWE-20) CVE-2025-43560 APSB25-52 Improper Input Validation (CWE-20) CVE-2025-43561 APSB25-52 Improper Access Control (CWE-284) CVE-2025-43562 APSB25-52 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78) CVE-2025-43563 APSB25-52 Improper Access Control (CWE-284) CVE-2025-43564 APSB25-52 Incorrect Authorization (CWE-863) CVE-2025-43565 APSB25-52 Improper Access Control (CWE-284) CVE-2025-43566 APSB25-52 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)

There are, this month, an additional load of Microsoft advisories and informational releases that deserve attention. Most of them are Edge-related, and we present those in the usual fashion. However, seven additional CVEs involve Azure, Dataverse, or Power Apps. All of them have already been addressed by Microsoft and thus should pose no action item for administrators, but are significant enough that we choose to flag them here with their severities and CVSS scores. May’s release also includes servicing stack updates.

ADV990001 Latest Servicing Stack Updates CVE-2025-4050 Chromium: CVE-2025-4050 Out of bounds memory access in DevTools CVE-2025-4051 Chromium: CVE-2025-4051 Insufficient data validation in DevTools CVE-2025-4052 Chromium: CVE-2025-4052 Inappropriate implementation in DevTools CVE-2025-4096 Chromium: CVE-2025-4096 Heap buffer overflow in HTML CVE-2025-4372 Chromium: CVE-2025-4372 Use after free in WebAudio CVE-2025-21353 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability CVE-2025-21388 Microsoft Edge (Chromium-based) Spoofing Vulnerability CVE-2025-29825 Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE Title Impact Severity CVSS Base CVSS Temporal CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability Elevation of Privilege Critical 10.0 9.0 CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability Elevation of Privilege Critical 9.9 8.9 CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability Spoofing Critical 9.9 8.9 CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability Elevation of Privilege Important 7.0 6.1 CVE-2025-33072 Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability Information Disclosure Critical 8.1 7.1 CVE-2025-47732 Microsoft Dataverse Remote Code Execution Vulnerability Remote Code Execution Critical 8.7 7.6 CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability Information Disclosure Critical 9.1 7.9

Appendix E: Affected Windows Server versions

This is a table of the CVEs in the May release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft. Please note that CVE-2025-29971 is a client-only Windows issue and thus appears in this chart, but with no server versions marked.

2008 2008-R2 2012 2012-R2 2016 2019 2022 2022 23H2 2025 CVE-2025-24063 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-26677 × × × × ■ ■ ■ ■ ■ CVE-2025-27468 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-29829 × × × × ■ ■ ■ ■ ■ CVE-2025-29830 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29831 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29832 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29833 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-29835 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29836 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29837 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29838 × × × × × × × × ■ CVE-2025-29839 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29840 × × × × ■ ■ ■ ■ × CVE-2025-29841 × × × × × × ■ ■ ■ CVE-2025-29842 × × × × ■ ■ ■ ■ ■ CVE-2025-29954 ■ ■ ■ ■ ■ ■ ■ ■ × CVE-2025-29955 × × × × × × × ■ ■ CVE-2025-29956 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29957 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29958 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29959 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29960 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29961 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29962 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29963 × × × × × ■ ■ ■ ■ CVE-2025-29964 × × × × × ■ ■ ■ ■ CVE-2025-29966 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29967 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29968 ■ ■ ■ ■ ■ ■ ■ ■ × CVE-2025-29969 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-29970 × × × × × × × ■ ■ CVE-2025-29971 × × × × × × × × × CVE-2025-29974 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-30385 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-30388 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-30394 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-30397 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-30400 × × × × × ■ ■ ■ ■ CVE-2025-32701 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-32706 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-32707 ■ ■ ■ ■ ■ ■ × × × CVE-2025-32709 ■ ■ ■ ■ ■ ■ ■ ■ ■