
Microsoft’s May 2025 Patch Tuesday has addressed a total of 83 vulnerabilities across its product ecosystem, including 5 actively exploited zero-day vulnerabilities and 11 critical-rated bugs.
Breakdown of May 2025 Vulnerabilities
- 83 total vulnerabilities
- 29 Remote Code Execution (RCE)
- 20 Elevation of Privilege (EoP)
- 16 Information Disclosure
- 7 Denial of Service (DoS)
- 6 Chromium (Edge) Vulnerabilities
- 3 Spoofing
- 2 Security Feature Bypass
Severity Ratings:
- 11 Critical
- 66 Important
- 0 Moderate or Low
Zero-Days Actively Exploited
Microsoft defines a zero-day vulnerability as one that is publicly known or under active attack while no official patch is available. Microsoft confirmed that 5 vulnerabilities are being exploited in the wild, making immediate patching a top priority.
- CVE-2025-30400 (CVSS 7.8) Microsoft DWM Core Library – Elevation of Privilege
  Exploited to gain SYSTEM privileges.
- CVE-2025-32701 & CVE-2025-32706 (CVSS 7.8 each) Windows Common Log File System Driver – Use After Free
  Can be chained or individually leveraged for local privilege escalation.
- CVE-2025-32709 (CVSS 7.8) Windows Ancillary Function Driver for WinSock – Elevation of Privilege
  Allows attackers to escalate privileges to Administrator.
- CVE-2025-30397 (CVSS 7.5) Microsoft Scripting Engine – Memory Corruption
  Remote code execution triggered via a specially crafted URL; user interaction required. “This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution,” Microsoft explained.
Other Zero-day CVEs
- CVE-2025-32702 – Visual Studio RCE via command injection (CVSS 7.8)
  Executed locally but referred to as remote because of the attacker’s location.
- CVE-2025-26685 – Microsoft Defender for Identity Spoofing (CVSS 6.5)
  Enables spoofing over adjacent networks due to improper authentication. “Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network,” the bulletin states.
Recommendations for Users
- Prioritize patching exploited zero-days immediately
- Apply IE Cumulative Updates, even for deprecated components
- Enable automatic updates where feasible
- Harden browser security policies, especially for enterprise users using IE Mode