Cyber Security

June Patch Tuesday digs into 67 bugs – Sophos Information

June 20, 2025

.Microsoft on Tuesday launched 67 patches affecting 12 product households. Ten of the addressed points, 5 involving 365 and Workplace and one involving SharePoint, are thought of by Microsoft to be of Essential severity, and 17 have a CVSS base rating of 8.0 or larger. One, an Essential-severity RCE in Home windows associated to WEBDAV (CVE-2025-33053), is thought to be underneath lively exploitation within the wild. An extra Essential-severity SMB challenge has been publicly disclosed, however is just not at present identified to be underneath exploit.
At patch time, 9 further CVEs usually tend to be exploited within the subsequent 30 days by the corporate’s estimation, not together with the WEBDAV challenge talked about above. Numerous of this month’s points are amenable to direct detection by Sophos protections, and we embrace info on these in a desk under. This most definitely consists of CVE-2025-33053, wherein Sophos itself has taken a specific curiosity – and, apparently, vice versa.
Along with these patches, ten Adobe Reader fixes, 4 of them thought of to be of Essential severity, are included within the launch. These are listed in Appendix D under. That appendix additionally comprises info on two Edge-related vulnerabilities and a Essential-severity Energy Automate challenge that was addressed earlier this month, in addition to restricted info on a Essential-severity bug in Copilot for which an advisory was launched the next day (Wednesday). The periodically launched Servicing Stack updates are additionally obtainable.
We’re as at all times together with on the finish of this put up further appendices itemizing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base rating, and by product household; an appendix protecting the advisory-style updates; and a breakout of the patches affecting the varied Home windows Server platforms nonetheless in assist.
By the numbers

Complete CVEs: 67
Publicly disclosed: 1
Exploit detected: 1
Severity

Essential: 10
Essential: 57

Influence

Distant Code Execution: 26
Info Disclosure: 17
Elevation of Privilege: 13
Denial of Service: 6
Safety Function Bypass: 3
Spoofing: 2

CVSS base rating 9.0 or larger: 0*
CVSS base rating 8.0 or later: 18

* One challenge, affecting Energy Automate for Desktop however patched by Microsoft on June 5, has been assigned a 9.8 CVSS base rating. Because it was mitigated previous to launch, we’re treating that info as advisory-only and don’t embrace it on this month’s statistics. Likewise, the Copilot advisory launched on June 11 has a CVSS base rating of 9.3, however doesn’t determine into these tallies or charts.

Determine 1: A proportionally heavier-than-usual ten Essential-severity patches had been launched in June, although unusually six of these happen in 365, Workplace, or SharePoint somewhat than the extra customary Home windows. (Two Edge updates lined this month are usually not launched with full influence info and thus don’t seem on this chart; we’re additionally excluding the Energy Automate patch as mentioned above)
Merchandise

Home windows: 45*
365: 15
Workplace: 14
SharePoint: 5
Visible Studio: 2
Phrase: 2
.NET: 1
Excel: 1
Microsoft AutoUpdate for Macintosh: 1
Nuance Digital Engagement Platform: 1
Outlook: 1
PowerPoint: 1

* One Home windows SDK patch (CVE-2025-47962) and one patch affecting the Home windows Safety App part (CVE-2025-47956) are included within the Home windows counts for reader comfort, although neither impacts particular variations of the shopper or server platforms.
As is our customized for this listing, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on. We observe that CVE names don’t at all times replicate affected product households intently. Particularly, some CVEs names within the Workplace household might point out merchandise that don’t seem within the listing of merchandise affected by the CVE, and vice versa.

Determine 2: Twelve product households determine in Could’s Patch Tuesday launch; the Nuance medical-product household returns to the charts for a second month, this time addressing a spoofing challenge in its Digital Engagement Platform
Notable June updates
Along with the problems mentioned above, a number of particular gadgets benefit consideration.
CVE-2025-33053 — Net Distributed Authoring and Versioning (WebDAV) Distant Code Execution Vulnerability
The one patched challenge at present identified to be underneath exploit within the wild is an Essential-severity flaw in Net Distributed Authoring and Versioning code, which has been underpinning a lot of the web because the IE period. That’s the issue; this patch touches the MSHTML, EdgeHTML, and scripting platforms, that are all nonetheless supported. Which means that these Microsoft clients at present taking Safety Solely updates want to put in the IE Cumulative updates to correctly guard towards this vulnerability – one thing right here for everybody, in different phrases.
The adversaries exploiting that vulnerability apparently discovered Sophos protections vexing. Endpoint safety scans new applications earlier than they run—however after launch, scanning drops off. Attackers exploit this by delivering applications with encrypted our bodies that evade static scanning and AI fashions. As soon as working, the code decrypts itself, hundreds implants, and executes totally in reminiscence—by no means touching disk.
Sophos counters this with Dynamic Shellcode Safety, which limits how a lot executable reminiscence a course of can allocate. That restriction breaks stealthy in-memory assaults, forcing adversaries to revert to noisier, extra detectable strategies like distant injection—the place they’re a lot simpler to catch.
After that the attackers would have run into a number of extra Sophos layers of blacklist, antimalware signatures, and different defenses — however it’s fascinating to us to see ourselves mirrored in an adversary’s code as a very robust nut to crack. In any case, we advocate as at all times that defenders prioritize higher-profile patches reminiscent of this one.
CVE-2025-33073 – Home windows SMB Shopper Elevation of Privilege Vulnerability
It’s not identified to be underneath lively exploitation but, and Microsoft signifies that they suppose it’s much less prone to be exploited inside the subsequent 30 days, however this Essential-severity EoP is the one June CVE identified to have been publicly disclosed thus far. The difficulty comes all the way down to improper entry controls, and it impacts all supported Home windows shopper and server variations.
CVE-2025-47166 — Microsoft SharePoint Server Distant Code Execution Vulnerability
After debuting in Could, “zcgonvh’s cat Vanilla” makes a right away return look on the finder roster – that’s proper, the cat got here again the very subsequent Patch Tuesday.
CVE-2025-32711 — M365 Copilot Info Disclosure Vulnerability
Lastly, one CVE that was not launched within the Tuesday assortment, however merited the discharge of an advisory the next day: a Essential-severity, CVSS-base 9.3, information-disclosure error that made it attainable for an unauthorized attacker to make use of command injection to reveal info from the AI instrument. The vulnerability was responsibly disclosed to Microsoft and the corporate acknowledged early Wednesday that the patch is already pushed to clients.

Determine 3: As we wrap up the primary half of the yr, the proportion of Essential-severity RCEs over the previous six months is eye-catching

Determine 4: Evaluating first-half totals for 2024 and 2025, we see that the excessive variety of Essential-severity RCEs stands out much more strongly when in comparison with the yr earlier than – 40, in contrast with simply 9 for the primary half of the yr earlier than. Just a few different traits stand out as nicely, together with massive year-over-year will increase in info disclosure CVEs (44 in 1H24, 77 thus far in 2025) and denial of service points (34 in 1H24, 57 thus far in 2025)
Sophos protections

CVE
Sophos Intercept X/Endpoint IPS
Sophos XGS Firewall

CVE-2025-32713
Exp/2532713-A
Exp/2532713-A

CVE-2025-32714
Exp/2532714-A
Exp/2532714-A

CVE-2025-33053
sid:2311111
sid:2311111

CVE-2025-33070
sid:2311128
sid:2311128

CVE-2025-47162
sid:2311145
sid:2311145

CVE-2025-47164
sid:2311146
sid:2311146

CVE-2025-47167
sid:231113
sid:231113

CVE-2025-33053 additionally has an relevant detection of observe, Troj/UrlRun-B, along with the XSG signature famous above.
As you possibly can each month, for those who don’t wish to wait to your system to tug down Microsoft’s updates itself, you possibly can obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe instrument to find out which construct of Home windows 10 or 11 you’re working, then obtain the Cumulative Replace package deal to your particular system’s structure and construct quantity.
Appendix A: Vulnerability Influence and Severity
This can be a listing of June patches sorted by influence, then sub-sorted by severity. Every listing is additional organized by CVE.
Distant Code Execution (25 CVEs)

Essential severity

CVE-2025-29828
Home windows Schannel Distant Code Execution Vulnerability

CVE-2025-32710
Home windows Distant Desktop Companies Distant Code Execution Vulnerability

CVE-2025-32717
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-33071
Home windows KDC Proxy Service (KPSSVC) Distant Code Execution Vulnerability

CVE-2025-47162
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-47164
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-47167
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-47172
Microsoft SharePoint Server Distant Code Execution Vulnerability

CVE-2025-47953
Microsoft Workplace Distant Code Execution Vulnerability

Essential severity

CVE-2025-30399
.NET and Visible Studio Distant Code Execution Vulnerability

CVE-2025-33053
Net Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability

CVE-2025-33064
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-33066
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-47163
Microsoft SharePoint Server Distant Code Execution Vulnerability

CVE-2025-47165
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-47166
Microsoft SharePoint Server Distant Code Execution Vulnerability

CVE-2025-47168
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-47169
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-47170
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-47171
Microsoft Outlook Distant Code Execution Vulnerability

CVE-2025-47173
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-47174
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-47175
Microsoft PowerPoint Distant Code Execution Vulnerability

CVE-2025-47176
Microsoft Outlook Distant Code Execution Vulnerability

CVE-2025-47957
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-47959
Visible Studio Distant Code Execution Vulnerability

Info Disclosure (17 CVEs)

Essential severity

CVE-2025-24065
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-24068
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-24069
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-32715
Distant Desktop Protocol Shopper Info Disclosure Vulnerability

CVE-2025-32719
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-32720
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-32722
Home windows Storage Port Driver Info Disclosure Vulnerability

CVE-2025-33052
Home windows DWM Core Library Info Disclosure Vulnerability

CVE-2025-33055
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33058
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33059
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33060
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33061
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33062
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33063
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-33065
Home windows Storage Administration Supplier Info Disclosure Vulnerability

CVE-2025-47969
Home windows Virtualization-Primarily based Safety (VBS) Info Disclosure Vulnerability

Elevation of Privilege (13 CVEs)

Essential severity

CVE-2025-33070
Home windows Netlogon Elevation of Privilege Vulnerability

Essential severity

CVE-2025-32712
Win32k Elevation of Privilege Vulnerability

CVE-2025-32713
Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability

CVE-2025-32714
Home windows Installer Elevation of Privilege Vulnerability

CVE-2025-32716
Home windows Media Elevation of Privilege Vulnerability

CVE-2025-32718
Home windows SMB Shopper Elevation of Privilege Vulnerability

CVE-2025-32721
Home windows Restoration Driver Elevation of Privilege Vulnerability

CVE-2025-33067
Home windows Job Scheduler Elevation of Privilege Vulnerability

CVE-2025-33073
Home windows SMB Shopper Elevation of Privilege Vulnerability

CVE-2025-33075
Home windows Installer Elevation of Privilege Vulnerability

CVE-2025-47955
Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability

CVE-2025-47962
Home windows SDK Elevation of Privilege Vulnerability

CVE-2025-47968
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Denial of Service (6 CVEs)

Essential severity

CVE-2025-32724
Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability

CVE-2025-32725
DHCP Server Service Denial of Service Vulnerability

CVE-2025-33050
DHCP Server Service Denial of Service Vulnerability

CVE-2025-33056
Home windows Native Safety Authority (LSA) Denial of Service Vulnerability

CVE-2025-33057
Home windows Native Safety Authority (LSA) Denial of Service Vulnerability

CVE-2025-33068
Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability

CVE-2025-32724
Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Safety Function Bypass (3 CVEs)

Essential severity

CVE-2025-3052
Cert CC: CVE-2025-3052 InsydeH2O Safe Boot Bypass

CVE-2025-33069
Home windows App Management for Enterprise Safety Function Bypass Vulnerability

CVE-2025-47160
Home windows Shortcut Information Safety Function Bypass Vulnerability

Spoofing (2 CVEs)

Essential severity

CVE-2025-47956
Home windows Safety App Spoofing Vulnerability

CVE-2025-47977
Nuance Digital Engagement Platform Spoofing Vulnerability

Appendix B: Exploitability and CVSS
This can be a listing of the June CVEs judged by Microsoft to be both underneath exploitation within the wild or extra prone to be exploited within the wild inside the first 30 days post-release. The listing is additional organized by CVE. The three Workplace gadgets extra prone to be exploited within the subsequent 30 days (CVE-2025-47162, CVE-2025-47164, and CVE-2025-47167) are all exploitable through Preview Pane.

Exploitation detected

CVE-2025-33053
Net Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability

Exploitation extra doubtless inside the subsequent 30 days