Microsoft Monthly Security Update (May 2025)
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Browser |  Low Risk | Spoofing | |
| Developer Tools |  Medium Risk | Spoofing Information Disclosure Security Restriction Bypass Remote Code Execution Elevation of Privilege | |
| System Center | Medium Risk | Elevation of Privilege Spoofing | |
| Windows |  Extremely High Risk | Information Disclosure Remote Code Execution Denial of Service Elevation of Privilege Security Restriction Bypass | CVE-2025-30397 is being exploited in the wild. An attacker who successfully exploited this vulnerability can initiate remote code execution. CVE-2025-30400 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32701 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32706 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32709 is being exploited in the wild. This vulnerability allows local attackers to gain administrator privileges on the device/system. |
| Extended Security Updates (ESU) | Extremely High Risk | Information Disclosure Remote Code Execution Denial of Service Elevation of Privilege | CVE-2025-30397 is being exploited in the wild. An attacker who successfully exploited this vulnerability can initiate remote code execution. CVE-2025-32701 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32706 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32709 is being exploited in the wild. This vulnerability allows local attackers to gain administrator privileges on the device/system. |
| Azure | Medium Risk | Elevation of Privilege Information Disclosure Spoofing | |
| Apps | Medium Risk | Elevation of Privilege | |
| Microsoft Office | Medium Risk | Elevation of Privilege Remote Code Execution | |
| Microsoft Dynamics | Medium Risk | Elevation of Privilege Remote Code Execution |
Number of ‘Extremely High Risk’ product(s): 2
Number of ‘High Risk’ product(s): 0
Number of ‘Medium Risk’ product(s): 6
Number of ‘Low Risk’ product(s): 1
Evaluation of overall ‘Risk Level’: Extremely High Risk
RISK: Extremely High Risk
TYPE: Operating Systems – Windows OS
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Security Restriction Bypass
- Spoofing
System / Technologies affected
- Windows
- System Center
- Microsoft Office
- Microsoft Dynamics
- Extended Security Updates (ESU)
- Developer Tools
- Browser
- Azure
- Apps
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
