On this June 2025 Patch Tuesday, Microsoft has rolled out security updates addressing a total of 66 vulnerabilities. Among these, one vulnerability is actively being exploited, while another has been publicly disclosed. The updates include fixes for ten “Critical” vulnerabilities, with eight categorized as remote code execution vulnerabilities and two related to elevation of privileges.
The breakdown of vulnerabilities by category is as follows:
- 13 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 25 Remote Code Execution Vulnerabilities
- 17 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
It is important to note that this count excludes vulnerabilities addressed earlier this month in Mariner, Microsoft Edge, and Power Automate.
For those interested in non-security updates, dedicated articles are available on the Windows 11 cumulative updates KB5060842 and KB5060999, as well as the Windows 10 cumulative update KB5060533.
Two zero-days
This month’s Patch Tuesday addresses one actively exploited zero-day vulnerability and another that has been publicly disclosed. Microsoft defines a zero-day flaw as one that is either publicly disclosed or actively exploited without an official fix available.
The actively exploited zero-day vulnerability included in today’s updates is:
CVE-2025-33053 – Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
This vulnerability was identified by Check Point Research, which states, “A remote code execution vulnerability exists in Microsoft Windows Web Distributed Authoring and Versioning. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system.” Exploitation requires the user to click on a specially crafted WebDAV URL.
Check Point Research has reported that this vulnerability was exploited in zero-day attacks by an APT group known as “Stealth Falcon.” In March 2025, they identified an attempted cyberattack against a defense company in Turkey, where the attackers used a previously undisclosed technique to execute files hosted on a WebDAV server they controlled.
Following responsible disclosure, Microsoft assigned the vulnerability CVE-2025-33053 and released a patch on June 10, 2025, as part of their June Patch Tuesday updates. The discovery of this flaw is credited to Alexandra Gofman and David Driker from Check Point Research.
The publicly disclosed zero-day vulnerability is:
CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability
This flaw allows attackers to gain SYSTEM privileges on vulnerable devices due to improper access control in Windows SMB. Microsoft explains, “To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.” Although an update is now available, the flaw can be mitigated by enforcing server-side SMB signing via Group Policy.
The discovery of this vulnerability is attributed to multiple researchers, including Keisuke Hirata from CrowdStrike, Synacktiv research team, Stefan Walter from SySS GmbH, RedTeam Pentesting GmbH, and James Forshaw from Google Project Zero.
Recent updates from other companies
In addition to Microsoft, several other vendors have released updates or advisories in June 2025:
- Adobe issued security updates for InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter.
- Cisco released patches for three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) products.
- Fortinet provided security updates for an OS command injection vulnerability in FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData products.
- Google released June 2025 security updates for Android, addressing numerous vulnerabilities, including an actively exploited zero-day flaw in Google Chrome.
- Hewlett Packard Enterprise (HPE) issued security updates to fix eight vulnerabilities impacting StoreOnce.
- Ivanti released updates to address three high-severity hardcoded key vulnerabilities in Workspace Control (IWC).
- Qualcomm released security updates for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver, which are being exploited in targeted attacks.
- Roundcube provided security updates for a critical remote code execution flaw that is currently being exploited in attacks.
- SAP released security updates for multiple products, including a critical missing authorization check in SAP NetWeaver Application Server for ABAP.
The June 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the June 2025 Patch Tuesday updates. For a full description of each vulnerability and the systems it affects, please refer to the complete report.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2025-30399 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| App Control for Business (WDAC) | CVE-2025-33069 | Windows App Control for Business Security Feature Bypass Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2025-47968 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-47165 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-47174 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Nuance Digital Engagement Platform | CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Important |
| Remote Desktop Client | CVE-2025-32715 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Important |
| WebDAV | CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-32713 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Critical |
| Windows DHCP Server | CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows Hello | CVE-2025-47969 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2025-33075 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-32714 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Media | CVE-2025-32716 | Windows Media Elevation of Privilege Vulnerability | Important |
| Windows Netlogon | CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | Critical |
| Windows Recovery Driver | CVE-2025-32721 | Windows Recovery Driver Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows SDK | CVE-2025-47962 | Windows SDK Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | Important |
| Windows Security App | CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Important |
| Windows Shell | CVE-2025-47160 | Windows Shortcut Files Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2025-32718 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Port Driver | CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-32712 | Win32k Elevation of Privilege Vulnerability | Important |