Cyber Security

August Patch Tuesday contains blasts from the (current) previous – Sophos Information

August 15, 2025

Microsoft on Tuesday introduced 109 patches affecting 16 product households. Eighteen of the addressed points are thought-about by Microsoft to be of Important severity, and 31 have a CVSS base rating of 8.0 or greater, together with a “excellent” 10.0 affecting Azure. None are identified to be beneath energetic exploit within the wild, although two Home windows points (CVE-2025-53786 and CVE-2025-53779) are already publicly disclosed.
At patch time, 9 CVEs are judged extra prone to be exploited within the subsequent 30 days by the corporate’s estimation. Varied of this month’s points are amenable to direct detection by Sophos protections, and we embody info on these in a desk beneath. As well as, eight CVEs included on this month’s set, principally involving cloud-centric product households comparable to Azure and 365, are already patched – together with the CVSS-10 merchandise talked about above. We now have included info on all eight in Appendix D. Curiously, two of these have been really patched a full month in the past, within the July cycle, however a clerical mix-up left that info out of Microsoft’s July launch supplies. We embody these two in our August rely. Advisory info on ten Edge fixes was additionally included on this month’s launch, and will be seen in Appendix D.
We’re as at all times together with on the finish of this publish further appendices itemizing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base rating, and by product household. One other appendix covers advisory-style updates and the checklist of points mentioned on this month’s launch supplies however mitigated previous to the discharge, and one other supplies breakout of the patches affecting the varied Home windows Server platforms nonetheless in help.
By the numbers

Complete CVEs: 109
Publicly disclosed: 2*
Exploit detected: 0
Severity

Important: 18
Essential: 90
Average: 1

Impression

Elevation of Privilege: 44
Distant Code Execution: 35
Data Disclosure: 18
Spoofing: 7
Denial of Service: 4
Tampering: 1

CVSS Base rating 10.0: 1
CVSS Base rating 9.0 or higher: 5
CVSS Base rating 8.0 or higher: 31

* Microsoft’s official launch materials states that only one vulnerability, CVE-2025-53779, is publicly disclosed by their requirements. Nevertheless, CVE-2025-53786 was publicly demonstrated at Black Hat final week and has been very extensively mentioned since then, with a CISA Emergency Directive issued. We embody it in our tally for completeness.

Determine 1: Elevation of Privilege vulnerabilities outpace Distant Code Execution flaws for the second month in a row, however RCE points account for extra Important-severity patches
Merchandise

Home windows: 65*
365: 16**
Workplace: 16
Azure: 7***
SQL: 6
Trade: 5
Excel: 4
SharePoint: 4
Phrase: 3
Dynamics 365: 2
PowerPoint: 1
Groups: 1
Visible Studio: 1
Net Deploy: 1
Home windows Safety App: 1
Home windows Subsystem for Linux (WSL2): 1

* As talked about, the discharge info states that two of those have been patched with the July launch; we embody these two within the August counts right here and all through this publish.
** Consists of two Important-severity patches for Microsoft 365 Copilot’s Enterprise Chat.
*** The discharge info notes that 4 of the Azure vulnerabilities have already been mitigated.
As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on. We word, by the best way, that CVE names don’t at all times replicate affected product households carefully. Particularly, some CVEs names within the Workplace household might point out merchandise that don’t seem within the checklist of merchandise affected by the CVE, and vice versa.

Determine 2: Home windows patches 5 Important-severity patches in August, however so do Azure and Workplace – and 365 has all of them beat with six
Notable August updates
Along with the problems mentioned above, quite a lot of particular gadgets benefit consideration.
CVE-2025-50165 — Home windows Graphics Part Distant Code Execution VulnerabilityCVE-2025-53766 — GDI+ Distant Code Execution Vulnerability
It’s a tricky month for Home windows graphics-related componentry, as these two vulnerabilities weigh in with 9.8 CVSS Base scores. CVE-2025-50165 requires no consumer interplay, and will be exploited by an uninitialized operate pointer being known as when decoding a malicious JPEG, which might be embedded in a doc, a Net web page, or what you’ll. It impacts strictly the latest variations of Home windows (Win 11 2H24, Server 2025). Equally, CVE-2025-53766 might be triggered with out consumer interplay, ought to an attacker handle to add paperwork containing a specifically crafted metafile to an internet service. (Alternately, they might craft a doc containing the metafile, ship it to an unwary consumer, and get them to open it.) Unusually, this CVE impacts each Home windows and Workplace.
CVE-2025-49712 — Microsoft SharePoint Distant Code Execution Vulnerability
As most Microsoft observers know effectively, there was lots to say between the July and August Patch Tuesday releases about SharePoint. This subject, nevertheless, appears unrelated to ToolShell, although it’s pretty disagreeable all by itself, permitting any authenticated attacker to execute code over the community with little prior information of the community required.
CVE-2025-53731, CVE-2025-53733, CVE-2025-53740, CVE-2025-53784 – 4 365/Workplace points
Preview Pane is a vector for all 4 of those vulnerabilities.
CVE-2025-53774, CVE-2025-53787 — Microsoft 365 Copilot BizChat Data Disclosure Vulnerability
These identically titled information-disclosure vulnerabilities, each Important-severity, are talked about in Microsoft’s abstract info for August, however the firm notes that each have already been mitigated. Nevertheless, CVE-2025-53787 particularly didn’t go quietly, and web commenters had issues to say in regards to the future implications of bugs of this nature. (It’s attention-grabbing to notice that earlier info from Microsoft, as per the WindowsForum publish, thought-about the difficulty to be Essential in severity; the discharge on Tuesday categorised it as Important.)
CVE-2025-53786 — Microsoft Trade Server Hybrid Deployment Elevation of Privilege Vulnerability
As famous above, this Essential-severity EoP subject bought loads of consideration at Black Hat and from CISA earlier this month. It’s a bug to be taken critically, and Microsoft states that they imagine it’s one of many vulnerabilities extra prone to be exploited inside the first 30 days post-release. However the story of how this patch arrived at launch is an attention-grabbing one from a disclosure standpoint. The finder, Dirk-jan Mollema with Outsider Safety, labored with Microsoft to type out the difficulty previous to his Black Hat presentation. In flip, Microsoft credit his discover of their launch supplies, an indication that the disclosure was well-coordinated. The problem itself pertains to an April hotfix for hybrid Trade deployments.
CVE-2024-53772 — Net Deploy Distant Code Execution Vulnerability
Net Deploy, for these not acquainted with the device, is used to deploy Net functions and Websites to IIS servers. It is going to seemingly be acquainted to customers of Visible Studio.

Determine 3: Distant Code Execution points proceed to guide all different varieties in 2025’s Patch Tuesday releases, however Elevation of Privilege points are shut behind – 266 to 257, by our rely. In the meantime, Spoofing picks up its first Important-severity case in August, and the primary non-advisory Average-severity patch of the 12 months is famous
Sophos protections

CVE
Sophos Intercept X/Endpoint IPS
Sophos XGS Firewall

CVE-2025-49743
Exp/2549743-A
Exp/2549743-A

CVE-2025-50167
Exp/2550167-A
Exp/2550167-A

CVE-2025-50168
Exp/2550168-A
Exp/2550168-A

CVE-2025-50177
SID:2311472,2311473
SID:2311472,2311473

CVE-2025-53132
Exp/2553132-A
Exp/2553132-A

CVE-2025-53147
Exp/2553147-A
Exp/2553147-A

CVE-2025-53778
SID:2311491
SID:2311491

As you’ll be able to each month, in the event you don’t need to wait to your system to drag down Microsoft’s updates itself, you’ll be able to obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe device to find out which construct of Home windows 10 or 11 you’re working, then obtain the Cumulative Replace bundle to your particular system’s structure and construct quantity.
Appendix A: Vulnerability Impression and Severity
It is a checklist of August patches sorted by influence, then sub-sorted by severity. Every checklist is additional organized by CVE.
Elevation of Privilege (44 CVEs)

Important severity

CVE-2025-24999
Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-53767
Azure OpenAI Elevation of Privilege Vulnerability

CVE-2025-53778
Home windows NTLM Elevation of Privilege Vulnerability

CVE-2025-53792
Azure Portal Elevation of Privilege Vulnerability

Essential severity

CVE-2025-47954
Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-49743
Home windows Graphics Part Elevation of Privilege Vulnerability

CVE-2025-49758
Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-49759
Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-49761
Home windows Kernel Elevation of Privilege Vulnerability

CVE-2025-49762
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-50153
Desktop Home windows Supervisor Elevation of Privilege Vulnerability

CVE-2025-50155
Home windows Push Notifications Apps Elevation of Privilege Vulnerability

CVE-2025-50159
Distant Entry Level-to-Level Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability

CVE-2025-50161
Win32k Elevation of Privilege Vulnerability

CVE-2025-50167
Home windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-50168
Win32k Elevation of Privilege Vulnerability

CVE-2025-50170
Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2025-50173
Home windows Installer Elevation of Privilege Vulnerability

CVE-2025-53132
Win32k Elevation of Privilege Vulnerability

CVE-2025-53133
Home windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE-2025-53134
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53135
DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2025-53137
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53140
Home windows Kernel Transaction Supervisor Elevation of Privilege Vulnerability

CVE-2025-53141
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53142
Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-53147
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53149
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2025-53151
Home windows Kernel Elevation of Privilege Vulnerability

CVE-2025-53154
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53155
Home windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-53718
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53721
Home windows Linked Gadgets Platform Service Elevation of Privilege Vulnerability

CVE-2025-53723
Home windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-53724
Home windows Push Notifications Apps Elevation of Privilege Vulnerability

CVE-2025-53725
Home windows Push Notifications Apps Elevation of Privilege Vulnerability

CVE-2025-53726
Home windows Push Notifications Apps Elevation of Privilege Vulnerability

CVE-2025-53727
Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-53729
Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE-2025-53760
Microsoft SharePoint Elevation of Privilege Vulnerability

CVE-2025-53786
Microsoft Trade Server Hybrid Deployment Elevation of Privilege Vulnerability

CVE-2025-53788
Home windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

CVE-2025-53789
Home windows StateRepository API Server file Elevation of Privilege Vulnerability

Average severity

CVE-2025-53779
Home windows Kerberos Elevation of Privilege Vulnerability

Distant Code Execution (35 CVEs)

Important severity

CVE-2025-48807
Microsoft SQL Server Distant Code Execution Vulnerability

CVE-2025-50165
Home windows Graphics Part Distant Code Execution Vulnerability

CVE-2025-50176
DirectX Graphics Kernel Distant Code Execution Vulnerability

CVE-2025-50177
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

CVE-2025-53731
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-53733
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-53740
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-53766
GDI+ Distant Code Execution Vulnerability

CVE-2025-53784
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-48807
Microsoft SQL Server Distant Code Execution Vulnerability

Essential severity

CVE-2025-49712
Microsoft SharePoint Distant Code Execution Vulnerability

CVE-2025-49757
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-50160
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-50162
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-50163
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-50164
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-50169
Home windows SMB Distant Code Execution Vulnerability

CVE-2025-53131
Home windows Media Distant Code Execution Vulnerability

CVE-2025-53143
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

CVE-2025-53144
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

CVE-2025-53145
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

CVE-2025-53152
Desktop Home windows Supervisor Distant Code Execution Vulnerability

CVE-2025-53720
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-53730
Microsoft Workplace Visio Distant Code Execution Vulnerability

CVE-2025-53732
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-53734
Microsoft Workplace Visio Distant Code Execution Vulnerability

CVE-2025-53735
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-53737
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-53738
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-53739
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-53741
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-53759
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-53761
Microsoft PowerPoint Distant Code Execution Vulnerability

CVE-2025-53772
Net Deploy Distant Code Execution Vulnerability

CVE-2025-53773
GitHub Copilot and Visible Studio Distant Code Execution Vulnerability

CVE-2025-53783
Microsoft Groups Distant Code Execution Vulnerability

Data Disclosure (18 CVEs)

Important severity

CVE-2025-53774
Microsoft 365 Copilot BizChat Data Disclosure Vulnerability

CVE-2025-53781
Azure Digital Machines Data Disclosure Vulnerability

CVE-2025-53787
Microsoft 365 Copilot BizChat Data Disclosure Vulnerability

CVE-2025-53793
Azure Stack Hub Data Disclosure Vulnerability

Essential severity

CVE-2025-33051
Microsoft Trade Server Data Disclosure Vulnerability

CVE-2025-50156
Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability

CVE-2025-50157
Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability

CVE-2025-50158
Home windows NTFS Data Disclosure Vulnerability

CVE-2025-50166
Home windows Distributed Transaction Coordinator (MSDTC) Data Disclosure Vulnerability

CVE-2025-53136
NT OS Kernel Data Disclosure Vulnerability

CVE-2025-53138
Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability

CVE-2025-53148
Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability

CVE-2025-53153
Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability

CVE-2025-53156
Home windows Storage Port Driver Data Disclosure Vulnerability

CVE-2025-53719
Home windows Routing and Distant Entry Service (RRAS) Data Disclosure Vulnerability

CVE-2025-53728
Microsoft Dynamics 365 (On-Premises) Data Disclosure Vulnerability

CVE-2025-53736
Microsoft Phrase Data Disclosure Vulnerability

CVE-2025-53765
Azure Stack Hub Data Disclosure Vulnerability

Spoofing (7 CVEs)

Important severity

CVE-2025-49707
Azure Digital Machines Spoofing Vulnerability

Essential severity

CVE-2025-25006
Microsoft Trade Server Spoofing Vulnerability

CVE-2025-25007
Microsoft Trade Server Spoofing Vulnerability

CVE-2025-49745
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2025-50154
Microsoft Home windows File Explorer Spoofing Vulnerability

CVE-2025-50171
Distant Desktop Spoofing Vulnerability

CVE-2025-53769
Home windows Safety App Spoofing Vulnerability

Denial of Service (4 CVEs)

Essential severity

CVE-2025-49751
Home windows Hyper-V Denial of Service Vulnerability

CVE-2025-50172
DirectX Graphics Kernel Denial of Service Vulnerability

CVE-2025-53716
Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability

CVE-2025-53722
Home windows Distant Desktop Providers Denial of Service Vulnerability

Tampering (1 CVE)

Essential severity

CVE-2025-25005
Microsoft Trade Server Tampering Vulnerability

Appendix B: Exploitability and CVSS
It is a checklist of the August CVEs judged by Microsoft to be extra prone to be exploited within the wild inside the first 30 days post-release. (No CVE amongst this month’s patches is understood to be already exploited within the wild, in order that checklist doesn’t seem this month.) The checklist is additional organized by CVE.

Exploitation extra seemingly inside the subsequent 30 days

CVE-2025-49743
Home windows Graphics Part Elevation of Privilege Vulnerability

CVE-2025-50167
Home windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-50168
Win32k Elevation of Privilege Vulnerability

CVE-2025-50177
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

CVE-2025-53132
Win32k Elevation of Privilege Vulnerability

CVE-2025-53147
Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-53156
Home windows Storage Port Driver Data Disclosure Vulnerability

CVE-2025-53778
Home windows NTLM Elevation of Privilege Vulnerability

CVE-2025-53786
Microsoft Trade Server Hybrid Deployment Elevation of Privilege Vulnerability

It is a checklist of August’s CVEs with a Microsoft-assessed CVSS Base rating of 8.0 or greater. They’re organized by rating and additional sorted by CVE. For extra info on how CVSS works, please see our collection on patch prioritization schema.

CVSS Base
CVSS Temporal
CVE
Title

10.0
8.7
CVE-2025-53767
Azure OpenAI Elevation of Privilege Vulnerability

9.8
8.5
CVE-2025-50165
Home windows Graphics Part Distant Code Execution Vulnerability

9.8
8.5
CVE-2025-53766
GDI+ Distant Code Execution Vulnerability

9.1
7.9
CVE-2025-50171
Distant Desktop Spoofing Vulnerability

9.1
7.9
CVE-2025-53792
Azure Portal Elevation of Privilege Vulnerability

8.8
7.7
CVE-2025-24999
Microsoft SQL Server Elevation of Privilege Vulnerability

8.8
7.7
CVE-2025-47954
Microsoft SQL Server Elevation of Privilege Vulnerability

8.8
7.7
CVE-2025-49712
Microsoft SharePoint Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-49757
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-49758
Microsoft SQL Server Elevation of Privilege Vulnerability

8.8
7.7
CVE-2025-49759
Microsoft SQL Server Elevation of Privilege Vulnerability

8.8
7.7
CVE-2025-50163
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-53131
Home windows Media Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-53143
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-53144
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-53145
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-53727
Microsoft SQL Server Elevation of Privilege Vulnerability

8.8
7.7
CVE-2025-53772
Net Deploy Distant Code Execution Vulnerability

8.8
7.7
CVE-2025-53778
Home windows NTLM Elevation of Privilege Vulnerability

8.4
7.3
CVE-2025-53731
Microsoft Workplace Distant Code Execution Vulnerability

8.4
7.3
CVE-2025-53733
Microsoft Phrase Distant Code Execution Vulnerability

8.4
7.3
CVE-2025-53740
Microsoft Workplace Distant Code Execution Vulnerability

8.4
7.3
CVE-2025-53784
Microsoft Phrase Distant Code Execution Vulnerability

8.2
7.1
CVE-2025-53787
Microsoft 365 Copilot BizChat Data Disclosure Vulnerability

8.1
7.1
CVE-2025-50177
Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability

8.0
7.0
CVE-2025-50160
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

8.0
7.0
CVE-2025-50162
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

8.0
7.0
CVE-2025-50164
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

8.0
7.0
CVE-2025-53132
Win32k Elevation of Privilege Vulnerability

8.0
7.0
CVE-2025-53720
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

8.0
7.0
CVE-2025-53786
Microsoft Trade Server Hybrid Deployment Elevation of Privilege Vulnerability

Appendix C: Merchandise Affected
It is a checklist of August’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which are shared amongst a number of product households are listed a number of occasions, as soon as for every product household. Sure vital points for which advisories have been issued are lined in Appendix D, and points affecting Home windows Server are additional sorted in Appendix E. All CVE titles are correct as made obtainable by Microsoft; for additional info on why sure merchandise might seem in titles and never product households (or vice versa), please seek the advice of Microsoft.
Home windows (65 CVEs)