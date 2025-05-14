Microsoft on Tuesday released 71 patches affecting 14 product families. Six of the addressed issues, five involving remote code execution and one permitting information disclosure (including PII, Personally Identifiable Information), are considered by Microsoft to be of Critical severity, and 12 have a CVSS base score of 8.0 or higher. Five, all Important-severity issues in Windows, are known to be under active exploit in the wild.
At patch time, nine additional CVEs are more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below.
In addition to these patches, eight Important-severity Adobe Reader issues affecting ColdFusion are covered in the release. Those are listed in Appendix D below. That appendix also contains information on eight Edge-related vulnerabilities and seven affecting Azure, Dataverse, or Power Apps. Though several of the non-Edge issues are exciting, with CVSS Base scores over 9.0 (a “perfect” 10, in one case), Microsoft’s released information indicates that all have been patched in recent days – in other words, the information provided is strictly FYI.
We are as always including at the end of this post appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family; an appendix covering the advisory-style updates; and a breakout of the patches affecting the various Windows Server platforms still in support.
By the numbers
- Total CVEs: 71
- Publicly disclosed: 2
- Exploit detected: 5
- Severity
- Critical: 6
- Important: 65
- Impact:
- Remote Code Execution: 28
- Elevation of Privilege: 17
- Information Disclosure: 15
- Denial of Service: 7
- Security Feature Bypass: 2
- Spoofing: 2
- CVSS base score 9.0 or greater: 1*
- CVSS base score 8.0 or greater: 11
* A number of advisory-only issues this month, affecting Azure, Dataverse, and Power Apps but patched by Microsoft prior to the May release, have been assigned significant CVSS scores. Please see Appendix D for details.
Figure 1: Remote code execution returns to the top of the charts for May’s Patch Tuesday. Note the unusual Critical-severity information-disclosure issue. This occurs in Nuance PowerScribe 360, a product from the medical sphere – ask your local radiologist for details. (Eight Edge updates covered this month are not released with full impact information and thus do not appear in this chart)
Products
- Windows: 43
- Office: 14
- 365: 13
- Excel: 7
- SharePoint: 4
- Visual Studio: 4
- RDP Client: 2
- .NET: 1
- Azure: 1
- Dataverse: 1
- Defender: 1
- Nuance PowerScribe 360: 1
- PC Manager: 1
- Windows HLK: 1
As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. It should be noted, by the way, that CVE names in May don’t always reflect affected product families closely. In particular, some CVEs names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa.
Figure 2: Fourteen product families figure in May’s Patch Tuesday release. This month, we return to separating Edge / Chromium issues from the pack; those are covered in Appendix D, as are some advisory and information-only but interesting issues affecting Azure, Dataverse, and Power Apps
Notable May updates
In addition to the issues discussed above, a variety of specific items merit attention.
CVE-2025-30385, CVE-2025-30701, CVE-2025-32706 — Windows Common Log File System Driver Elevation of Privilege Vulnerability
CLFS problems account for two of the five vulnerabilities currently known to be under attack in the wild, and the other one (CVE-2025-30385) is expected to see action within the next 30 days. The logging system has taken a high number of patches in the past few years, including recently seen abuse by both Play and PipeMagic malware of CVE-2025-29824, which was patched last month. Microsoft’s known to be spinning up a new verification step for parsing CLFS log files, but in the meantime, the system’s giving RDP a run for its money as a source of administrator grief.
CVE-2025-30377, CVE-2025-30386 — Microsoft Office Remote Code Execution Vulnerability
Both of these vulnerabilities can be triggered via Preview Pane. If it were a competition CVE-2025-30386 would have the slight edge, as Microsoft finds that in the worst case, in their words, “an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link.” Both vulnerabilities apply to 365 as well as Office.
CVE-2025-27488 — Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
An Important-class issue, this bug affects the Windows Hardware Kit Lab, which is a framework for testing hardware devices and drivers for certain editions of Windows; multiple versions of the entire kit likewise take an update this month. That’s good, as the problem itself lies in certain third-party infrastructure within the kit using a hard-coded password (!).
CVE-2025-30384 — Microsoft SharePoint Server Remote Code Execution Vulnerability
An Important-severity issue requiring the attacker to prepare the target ahead of time, the finder credited for this item is “zcgonvh’s cat Vanilla.” We admit to some curiosity about how Vanilla caught this bug; did they use… a mouse?
Figure 3: RCE and EoP issues continue to dominate the charts in 2025
Sophos protections
|CVE
|Sophos Intercept X/Endpoint IPS
|Sophos XGS Firewall
|CVE-2025-24063
|Exp/2524063-A
|Exp/2524063-A
|CVE-2025-29971
|Exp/2529971-A
|Exp/2529971-A
|CVE-2025-30377
|sid:2310992
|sid:2310992
|CVE-2025-30386
|sid:2310976
|sid:2310976
|CVE-2025-30388
|sid:2310990
|sid:2310990
|CVE-2025-30397
|Exp/2530397-A
|Exp/2530397-A
|CVE-2025-30400
|Exp/2530400-A
|Exp/2530400-A
|CVE-2025-32701
|Exp/2532701-A
|Exp/2532701-A
|CVE-2025-32706
|Exp/2532706-A
|Exp/2532706-A
|CVE-2025-32709
|Exp/2532709-A
|Exp/2532709-A
As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.
Appendix A: Vulnerability Impact and Severity
This is a list of May patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.
Remote Code Execution (28 CVEs)
|Critical severity
|CVE-2025-29833
|Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
|CVE-2025-29966
|Remote Desktop Client Remote Code Execution Vulnerability
|CVE-2025-29967
|Windows Remote Desktop Services Remote Code Execution Vulnerability
|CVE-2025-30377
|Microsoft Office Remote Code Execution Vulnerability
|CVE-2025-30386
|Microsoft Office Remote Code Execution Vulnerability
|Important severity
|CVE-2025-29831
|Windows Remote Desktop Services Remote Code Execution Vulnerability
|CVE-2025-29840
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29962
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29963
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29964
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29969
|MS-EVEN RPC Remote Code Execution Vulnerability
|CVE-2025-29977
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-29978
|Microsoft PowerPoint Remote Code Execution Vulnerability
|CVE-2025-29979
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30375
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30376
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30378
|Microsoft SharePoint Server Remote Code Execution Vulnerability
|CVE-2025-30379
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30381
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30382
|Microsoft SharePoint Server Remote Code Execution Vulnerability
|CVE-2025-30383
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30384
|Microsoft SharePoint Server Remote Code Execution Vulnerability
|CVE-2025-30388
|Windows Graphics Component Remote Code Execution Vulnerability
|CVE-2025-30393
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30397
|Scripting Engine Memory Corruption Vulnerability
|CVE-2025-32702
|Visual Studio Remote Code Execution Vulnerability
|CVE-2025-32704
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-32705
|Microsoft Outlook Remote Code Execution Vulnerability
Elevation of Privilege (17 CVEs)
|Important severity
|CVE-2025-24063
|Kernel Streaming Service Driver Elevation of Privilege Vulnerability
|CVE-2025-26684
|Microsoft Defender Elevation of Privilege Vulnerability
|CVE-2025-27468
|Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|CVE-2025-27488
|Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
|CVE-2025-29826
|Microsoft Dataverse Elevation of Privilege Vulnerability
|CVE-2025-29838
|Windows Execution Context Driver Elevation of Privilege Vulnerability
|CVE-2025-29841
|Universal Print Management Service Elevation of Privilege Vulnerability
|CVE-2025-29970
|Microsoft Brokering File System Elevation of Privilege Vulnerability
|CVE-2025-29975
|Microsoft PC Manager Elevation of Privilege Vulnerability
|CVE-2025-29976
|Microsoft SharePoint Server Elevation of Privilege Vulnerability
|CVE-2025-30385
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-30387
|Document Intelligence Studio On-Prem Information Disclosure Vulnerability
|CVE-2025-30400
|Microsoft DWM Core Library Elevation of Privilege Vulnerability
|CVE-2025-32701
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-32706
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-32707
|NTFS Elevation of Privilege Vulnerability
|CVE-2025-32709
|Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Information Disclosure (15 CVEs)
|Critical severity
|CVE-2025-30398
|Nuance PowerScribe 360 Information Disclosure Vulnerability
|Important severity
|CVE-2025-29829
|Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
|CVE-2025-29830
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29832
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29835
|Windows Remote Access Connection Manager Information Disclosure Vulnerability
|CVE-2025-29836
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29837
|Windows Installer Information Disclosure Vulnerability
|CVE-2025-29839
|Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
|CVE-2025-29956
|Windows SMB Information Disclosure Vulnerability
|CVE-2025-29958
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29959
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29960
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29961
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29974
|Windows Kernel Information Disclosure Vulnerability
|CVE-2025-32703
|Visual Studio Information Disclosure Vulnerability
Denial of Service (7 CVEs)
|Important severity
|CVE-2025-26677
|Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
|CVE-2025-29954
|Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
|CVE-2025-29955
|Windows Hyper-V Denial of Service Vulnerability
|CVE-2025-29957
|Windows Deployment Services Denial of Service Vulnerability
|CVE-2025-29968
|Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
|CVE-2025-29971
|Web Threat Defense (WTD.sys) Denial of Service Vulnerability
|CVE-2025-30394
|Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Security Feature Bypass (2 CVEs)
|Important severity
|CVE-2025-21264
|Visual Studio Code Security Feature Bypass Vulnerability
|CVE-2025-29842
|UrlMon Security Feature Bypass Vulnerability
Spoofing (2 CVEs)
|Important severity
|CVE-2025-26646
|.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
|CVE-2025-26685
|Microsoft Defender for Identity Spoofing Vulnerability
Appendix B: Exploitability and CVSS
This is a list of the May CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is further arranged by CVE. Interestingly, 28 of this month’s vulnerabilities have been marked in Microsoft’s release materials as “exploitation unlikely” – a category far less commonly assigned by the company in the past.
|Exploitation detected
|CVE-2025-30397
|Scripting Engine Memory Corruption Vulnerability
|CVE-2025-30400
|Microsoft DWM Core Library Elevation of Privilege Vulnerability
|CVE-2025-32701
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-32706
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-32709
|Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
|Exploitation more likely within the next 30 days
|CVE-2025-24063
|Kernel Streaming Service Driver Elevation of Privilege Vulnerability
|CVE-2025-29841
|Universal Print Management Service Elevation of Privilege Vulnerability
|CVE-2025-29971
|Web Threat Defense (WTD.sys) Denial of Service Vulnerability
|CVE-2025-29976
|Microsoft SharePoint Server Elevation of Privilege Vulnerability
|CVE-2025-30382
|Microsoft SharePoint Server Remote Code Execution Vulnerability
|CVE-2025-30385
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-30386
|Microsoft Office Remote Code Execution Vulnerability
|CVE-2025-30388
|Windows Graphics Component Remote Code Execution Vulnerability
|CVE-2025-30398
|Nuance PowerScribe 360 Information Disclosure Vulnerability
This is a list of May’s CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema. For a look at the CVSS scores for certain products covered in this month’s advisories, please see Appendix D.
|CVSS Base
|CVSS Temporal
|CVE
|Title
|9.8
|8.5
|CVE-2025-30387
|Document Intelligence Studio On-Prem Information Disclosure Vulnerability
|8.8
|7.7
|CVE-2025-29840
|Windows Media Remote Code Execution Vulnerability
|8.8
|7.7
|CVE-2025-29962
|Windows Media Remote Code Execution Vulnerability
|8.8
|7.7
|CVE-2025-29963
|Windows Media Remote Code Execution Vulnerability
|8.8
|7.7
|CVE-2025-29964
|Windows Media Remote Code Execution Vulnerability
|8.8
|7.7
|CVE-2025-29966
|Remote Desktop Client Remote Code Execution Vulnerability
|8.8
|7.7
|CVE-2025-29967
|Windows Remote Desktop Services Remote Code Execution Vulnerability
|8.4
|7.3
|CVE-2025-30377
|Microsoft Office Remote Code Execution Vulnerability
|8.4
|7.3
|CVE-2025-30386
|Microsoft Office Remote Code Execution Vulnerability
|8.4
|7.3
|CVE-2025-32704
|Microsoft Excel Remote Code Execution Vulnerability
|8.1
|7.1
|CVE-2025-30398
|Nuance PowerScribe 360 Information Disclosure Vulnerability
|8.0
|7.0
|CVE-2025-26646
|.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
Appendix C: Products Affected
This is a list of May’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Certain significant issues for which advisories have been issued are covered in Appendix D, and issues affecting Windows Server are further sorted in Appendix E. All CVE titles are accurate as made available by Microsoft; for further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.
Windows (43 CVEs)
|Critical severity
|CVE-2025-29833
|Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
|CVE-2025-29966
|Remote Desktop Client Remote Code Execution Vulnerability
|CVE-2025-29967
|Windows Remote Desktop Services Remote Code Execution Vulnerability
|Important severity
|CVE-2025-24063
|Kernel Streaming Service Driver Elevation of Privilege Vulnerability
|CVE-2025-26677
|Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
|CVE-2025-27468
|Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|CVE-2025-29829
|Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
|CVE-2025-29830
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29831
|Windows Remote Desktop Services Remote Code Execution Vulnerability
|CVE-2025-29832
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29835
|Windows Remote Access Connection Manager Information Disclosure Vulnerability
|CVE-2025-29836
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29837
|Windows Installer Information Disclosure Vulnerability
|CVE-2025-29838
|Windows ExecutionContext Driver Elevation of Privilege Vulnerability
|CVE-2025-29839
|Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
|CVE-2025-29840
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29841
|Universal Print Management Service Elevation of Privilege Vulnerability
|CVE-2025-29842
|UrlMon Security Feature Bypass Vulnerability
|CVE-2025-29954
|Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
|CVE-2025-29955
|Windows Hyper-V Denial of Service Vulnerability
|CVE-2025-29956
|Windows SMB Information Disclosure Vulnerability
|CVE-2025-29957
|Windows Deployment Services Denial of Service Vulnerability
|CVE-2025-29958
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29959
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29960
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29961
|Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
|CVE-2025-29962
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29963
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29964
|Windows Media Remote Code Execution Vulnerability
|CVE-2025-29968
|Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
|CVE-2025-29969
|MS-EVEN RPC Remote Code Execution Vulnerability
|CVE-2025-29970
|Microsoft Brokering File System Elevation of Privilege Vulnerability
|CVE-2025-29971
|Web Threat Defense (WTD.sys) Denial of Service Vulnerability
|CVE-2025-29974
|Windows Kernel Information Disclosure Vulnerability
|CVE-2025-30385
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-30388
|Windows Graphics Component Remote Code Execution Vulnerability
|CVE-2025-30394
|Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
|CVE-2025-30397
|Scripting Engine Memory Corruption Vulnerability
|CVE-2025-30400
|Microsoft DWM Core Library Elevation of Privilege Vulnerability
|CVE-2025-32701
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-32706
|Windows Common Log File System Driver Elevation of Privilege Vulnerability
|CVE-2025-32707
|NTFS Elevation of Privilege Vulnerability
|CVE-2025-32709
|Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Office (14 CVEs)
|Critical severity
|CVE-2025-30377
|Microsoft Office Remote Code Execution Vulnerability
|CVE-2025-30386
|Microsoft Office Remote Code Execution Vulnerability
|Important severity
|CVE-2025-29977
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-29978
|Microsoft PowerPoint Remote Code Execution Vulnerability
|CVE-2025-29979
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30375
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30376
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30379
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30381
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30383
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30388
|Windows Graphics Component Remote Code Execution Vulnerability
|CVE-2025-30393
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-32704
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-32705
|Microsoft Outlook Remote Code Execution Vulnerability
365 (13 CVEs)
|Critical severity
|CVE-2025-30377
|Microsoft Office Remote Code Execution Vulnerability
|CVE-2025-30386
|Microsoft Office Remote Code Execution Vulnerability
|Important severity
|CVE-2025-29977
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-29978
|Microsoft PowerPoint Remote Code Execution Vulnerability
|CVE-2025-29979
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30375
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30376
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30379
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30381
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30383
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30393
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-32704
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-32705
|Microsoft Outlook Remote Code Execution Vulnerability
Excel (7 CVEs)
|Important severity
|CVE-2025-29977
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30375
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30376
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30379
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30381
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-30383
|Microsoft Excel Remote Code Execution Vulnerability
|CVE-2025-32704
|Microsoft Excel Remote Code Execution Vulnerability
SharePoint (4 CVEs)
|Important severity
|CVE-2025-29976
|Microsoft SharePoint Server Elevation of Privilege Vulnerability
|CVE-2025-30378
|Microsoft SharePoint Server Remote Code Execution Vulnerability
|CVE-2025-30382
|Microsoft SharePoint Server Remote Code Execution Vulnerability
|CVE-2025-30384
|Microsoft SharePoint Server Remote Code Execution Vulnerability
Visual Studio (4 CVEs)
|Important severity
|CVE-2025-21264
|Visual Studio Code Security Feature Bypass Vulnerability
|CVE-2025-26646
|.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
|CVE-2025-32702
|Visual Studio Remote Code Execution Vulnerability
|CVE-2025-32703
|Visual Studio Information Disclosure Vulnerability
RDP Client (2 CVEs)
|Critical severity
|CVE-2025-29966
|Remote Desktop Client Remote Code Execution Vulnerability
|CVE-2025-29967
|Windows Remote Desktop Services Remote Code Execution Vulnerability
.NET (1 CVE)
|Important severity
|CVE-2025-26646
|.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
Azure (1 CVE)
|Important severity
|CVE-2025-30387
|Document Intelligence Studio On-Prem Information Disclosure Vulnerability
Dataverse (1 CVE)
|Important severity
|CVE-2025-29826
|Microsoft Dataverse Elevation of Privilege Vulnerability
Defender (1 CVE)
|Important severity
|CVE-2025-26685
|Microsoft Defender for Identity Spoofing Vulnerability
Nuance PowerScribe 360 (1 CVE)
|Critical severity
|CVE-2025-30398
|Nuance PowerScribe 360 Information Disclosure Vulnerability
PC Manager (1 CVE)
|Important severity
|CVE-2025-29975
|Microsoft PC Manager Elevation of Privilege Vulnerability
Windows HLK (1 CVE)
|Important severity
|CVE-2025-27488
|Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
Appendix D: Advisories and Other Products
There are 8 Adobe advisories in this month’s release.
|CVE-2025-43559
|APSB25-52
|Improper Input Validation (CWE-20)
|CVE-2025-43560
|APSB25-52
|Improper Input Validation (CWE-20)
|CVE-2025-43561
|APSB25-52
|Improper Access Control (CWE-284)
|CVE-2025-43562
|APSB25-52
|Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78)
|CVE-2025-43563
|APSB25-52
|Improper Access Control (CWE-284)
|CVE-2025-43564
|APSB25-52
|Incorrect Authorization (CWE-863)
|CVE-2025-43565
|APSB25-52
|Improper Access Control (CWE-284)
|CVE-2025-43566
|APSB25-52
|Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
There are, this month, an additional load of Microsoft advisories and informational releases that deserve attention. Most of them are Edge-related, and we present those in the usual fashion. However, seven additional CVEs involve Azure, Dataverse, or Power Apps. All of them have already been addressed by Microsoft and thus should pose no action item for administrators, but are significant enough that we choose to flag them here with their severities and CVSS scores. May’s release also includes servicing stack updates.
|ADV990001
|Latest Servicing Stack Updates
|CVE-2025-4050
|Chromium: CVE-2025-4050 Out of bounds memory access in DevTools
|CVE-2025-4051
|Chromium: CVE-2025-4051 Insufficient data validation in DevTools
|CVE-2025-4052
|Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
|CVE-2025-4096
|Chromium: CVE-2025-4096 Heap buffer overflow in HTML
|CVE-2025-4372
|Chromium: CVE-2025-4372 Use after free in WebAudio
|CVE-2025-21353
|Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
|CVE-2025-21388
|Microsoft Edge (Chromium-based) Spoofing Vulnerability
|CVE-2025-29825
|Microsoft Edge (Chromium-based) Spoofing Vulnerability
|CVE
|Title
|Impact
|Severity
|CVSS Base
|CVSS Temporal
|CVE-2025-29813
|Azure DevOps Elevation of Privilege Vulnerability
|Elevation of Privilege
|Critical
|10.0
|9.0
|CVE-2025-29827
|Azure Automation Elevation of Privilege Vulnerability
|Elevation of Privilege
|Critical
|9.9
|8.9
|CVE-2025-29972
|Azure Storage Resource Provider Spoofing Vulnerability
|Spoofing
|Critical
|9.9
|8.9
|CVE-2025-29973
|Microsoft Azure File Sync Elevation of Privilege Vulnerability
|Elevation of Privilege
|Important
|7.0
|6.1
|CVE-2025-33072
|Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
|Information Disclosure
|Critical
|8.1
|7.1
|CVE-2025-47732
|Microsoft Dataverse Remote Code Execution Vulnerability
|Remote Code Execution
|Critical
|8.7
|7.6
|CVE-2025-47733
|Microsoft Power Apps Information Disclosure Vulnerability
|Information Disclosure
|Critical
|9.1
|7.9
Appendix E: Affected Windows Server versions
This is a table of the CVEs in the May release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft. Please note that CVE-2025-29971 is a client-only Windows issue and thus appears in this chart, but with no server versions marked.
|2008
|2008-R2
|2012
|2012-R2
|2016
|2019
|2022
|2022 23H2
|2025
|CVE-2025-24063
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-26677
|×
|×
|×
|×
|■
|■
|■
|■
|■
|CVE-2025-27468
|×
|×
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29829
|×
|×
|×
|×
|■
|■
|■
|■
|■
|CVE-2025-29830
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29831
|×
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29832
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29833
|×
|×
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29835
|×
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29836
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29837
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29838
|×
|×
|×
|×
|×
|×
|×
|×
|■
|CVE-2025-29839
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29840
|×
|×
|×
|×
|■
|■
|■
|■
|×
|CVE-2025-29841
|×
|×
|×
|×
|×
|×
|■
|■
|■
|CVE-2025-29842
|×
|×
|×
|×
|■
|■
|■
|■
|■
|CVE-2025-29954
|■
|■
|■
|■
|■
|■
|■
|■
|×
|CVE-2025-29955
|×
|×
|×
|×
|×
|×
|×
|■
|■
|CVE-2025-29956
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29957
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29958
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29959
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29960
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29961
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29962
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29963
|×
|×
|×
|×
|×
|■
|■
|■
|■
|CVE-2025-29964
|×
|×
|×
|×
|×
|■
|■
|■
|■
|CVE-2025-29966
|×
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29967
|×
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29968
|■
|■
|■
|■
|■
|■
|■
|■
|×
|CVE-2025-29969
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-29970
|×
|×
|×
|×
|×
|×
|×
|■
|■
|CVE-2025-29971
|×
|×
|×
|×
|×
|×
|×
|×
|×
|CVE-2025-29974
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-30385
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-30388
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-30394
|×
|×
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-30397
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-30400
|×
|×
|×
|×
|×
|■
|■
|■
|■
|CVE-2025-32701
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-32706
|■
|■
|■
|■
|■
|■
|■
|■
|■
|CVE-2025-32707
|■
|■
|■
|■
|■
|■
|×
|×
|×
|CVE-2025-32709
|■
|■
|■
|■
|■
|■
|■
|■
|■