Microsoft Patch Tuesday: May 2025 | Apple Updates Everything: May 2025 Edition
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability | |||||||
| CVE-2025-26646 | No | No | - | - | Important | 8.0 | 7.0 |
| Active Directory Certificate Services (AD CS) Denial of Service Vulnerability | |||||||
| CVE-2025-29968 | No | No | - | - | Important | 6.5 | 5.7 |
| Azure Automation Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29827 | No | No | - | - | Critical | 9.9 | 8.9 |
| Azure DevOps Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29813 | No | No | - | - | Critical | 10.0 | 9.0 |
| Azure Storage Resource Provider Spoofing Vulnerability | |||||||
| CVE-2025-29972 | No | No | - | - | Critical | 9.9 | 8.9 |
| Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability | |||||||
| CVE-2025-30387 | No | No | - | - | Important | 9.8 | 8.5 |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-24063 | No | No | - | - | Important | 7.8 | 6.8 |
| MS-EVEN RPC Remote Code Execution Vulnerability | |||||||
| CVE-2025-29969 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29973 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29970 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2025-30400 | No | Yes | - | - | Important | 7.8 | 7.2 |
| Microsoft Dataverse Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29826 | No | No | - | - | Important | 7.3 | 6.4 |
| Microsoft Dataverse Remote Code Execution Vulnerability | |||||||
| CVE-2025-47732 | No | No | - | - | Critical | 8.7 | 7.6 |
| Microsoft Defender Elevation of Privilege Vulnerability | |||||||
| CVE-2025-26684 | No | No | - | - | Important | 6.7 | 5.8 |
| Microsoft Defender for Identity Spoofing Vulnerability | |||||||
| CVE-2025-26685 | Yes | No | - | - | Important | 6.5 | 5.7 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||||
| CVE-2025-29825 | No | No | Less Likely | Less Likely | Low | 6.5 | 5.7 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-29977 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-29979 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30375 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30376 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30379 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30381 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30383 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30393 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-32704 | No | No | - | - | Important | 8.4 | 7.3 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-30377 | No | No | - | - | Critical | 8.4 | 7.3 |
| CVE-2025-30386 | No | No | - | - | Critical | 8.4 | 7.3 |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2025-32705 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft PC Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29975 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Power Apps Information Disclosure Vulnerability | |||||||
| CVE-2025-47733 | No | No | - | - | Critical | 9.1 | 7.9 |
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-29978 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29976 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2025-30378 | No | No | - | - | Important | 7.0 | 6.1 |
| CVE-2025-30382 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30384 | No | No | - | - | Important | 7.4 | 6.4 |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||||
| CVE-2025-29833 | No | No | - | - | Critical | 7.1 | 6.2 |
| Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-27488 | No | No | - | - | Important | 6.7 | 5.8 |
| Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability | |||||||
| CVE-2025-33072 | No | No | - | - | Critical | 8.1 | 7.1 |
| NTFS Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32707 | No | No | - | - | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2025-29966 | No | No | - | - | Critical | 8.8 | 7.7 |
| CVE-2025-29967 | No | No | - | - | Critical | 8.8 | 7.7 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2025-30397 | No | Yes | - | - | Important | 7.5 | 7.0 |
| Universal Print Management Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29841 | No | No | - | - | Important | 7.0 | 6.1 |
| UrlMon Security Feature Bypass Vulnerability | |||||||
| CVE-2025-29842 | No | No | - | - | Important | 7.5 | 6.5 |
| Visual Studio Code Security Feature Bypass Vulnerability | |||||||
| CVE-2025-21264 | No | No | - | - | Important | 7.1 | 6.2 |
| Visual Studio Information Disclosure Vulnerability | |||||||
| CVE-2025-32703 | No | No | - | - | Important | 5.5 | 4.8 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2025-32702 | Yes | No | - | - | Important | 7.8 | 6.8 |
| Web Threat Defense (WTD.sys) Denial of Service Vulnerability | |||||||
| CVE-2025-29971 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32709 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32701 | No | Yes | - | - | Important | 7.8 | 7.2 |
| CVE-2025-32706 | No | Yes | - | - | Important | 7.8 | 7.2 |
| CVE-2025-30385 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Deployment Services Denial of Service Vulnerability | |||||||
| CVE-2025-29957 | No | No | - | - | Important | 6.2 | 5.4 |
| Windows ExecutionContext Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29838 | No | No | - | - | Important | 7.4 | 6.4 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2025-30388 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2025-29955 | No | No | - | - | Important | 6.2 | 5.4 |
| Windows Installer Information Disclosure Vulnerability | |||||||
| CVE-2025-29837 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2025-29974 | No | No | - | - | Important | 5.7 | 5.0 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-27468 | No | No | - | - | Important | 7.0 | 6.1 |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | |||||||
| CVE-2025-29954 | No | No | - | - | Important | 5.9 | 5.2 |
| Windows Media Remote Code Execution Vulnerability | |||||||
| CVE-2025-29964 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-29840 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-29962 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-29963 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Multiple UNC Provider Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-29839 | No | No | - | - | Important | 4.0 | 3.5 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||||
| CVE-2025-29835 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | |||||||
| CVE-2025-30394 | No | No | - | - | Important | 5.9 | 5.2 |
| CVE-2025-26677 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||||
| CVE-2025-29831 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | |||||||
| CVE-2025-29959 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29960 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29830 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29832 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29836 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29958 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29961 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows SMB Information Disclosure Vulnerability | |||||||
| CVE-2025-29956 | No | No | - | - | Important | 5.4 | 4.7 |
| Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-29829 | No | No | - | - | Important | 5.5 | 4.8 |