Microsoft released its June 2025 Patch Tuesday monthly security update, addressing a total of 130 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishing 10 non-Microsoft CVEs.
Vulnerability Type | Count |
---|---|
Remote Code Execution (RCE) | 41 |
Elevation of Privilege (EoP) | 53 |
Information Disclosure (ID) | 18 |
Denial of Service (DoS) | 5 |
Spoofing | 4 |
Data Tampering | 1 |
Security Feature Bypass | 8 |
Total | 130 |
The update covers a wide range of products and services, including Windows, Microsoft Office, SQL Server, Microsoft Edge (Chromium-based), and Visual Studio, among others.
This release includes critical and important vulnerabilities, with several allowing remote code execution (RCE). Notably, no zero-day vulnerabilities or actively exploited vulnerabilities were reported in this update.
Critical Vulnerabilities:
CVE-2025-47981 (Windows SPNEGO Extended Negotiation, CVSS 9.8): This vulnerability allows attackers to achieve high confidentiality, integrity, and availability impacts over a network without user interaction, making it a high-priority target for patching.
CVE-2025-49717 (SQL Server, CVSS 8.5): This vulnerability could allow attackers to execute code remotely with significant impact on affected systems.
Important Vulnerabilities:
These vulnerabilities span various Microsoft products and services, including Windows Kernel, Remote Desktop Client, Microsoft Office, Windows BitLocker, and Windows Routing and Remote Access Service (RRAS). Most have CVSS scores ranging from 5.5 to 8.8, indicating moderate to high severity.
A significant portion of the vulnerabilities (41 CVEs) could potentially lead to remote code execution, allowing attackers to run arbitrary code on affected systems. Key examples include:
- CVE-2025-47981 (Windows SPNEGO Extended Negotiation, CVSS 9.8): A critical RCE vulnerability exploitable over a network without user interaction.
- CVE-2025-47998, CVE-2025-49657, CVE-2025-49663, CVE-2025-49668, CVE-2025-49674, CVE-2025-49676, CVE-2025-49729, CVE-2025-49753 (Windows RRAS, CVSS 8.8): These vulnerabilities require user interaction but pose significant risks due to their network-based attack vector.
- CVE-2025-49687 (Microsoft Input Method Editor, CVSS 8.8): This local RCE vulnerability affects systems with specific configurations.
- CVE-2025-49701, CVE-2025-49704 (Microsoft Office SharePoint, CVSS 8.8): These vulnerabilities could allow attackers with low privileges to execute code remotely.
Microsoft confirmed that none of the vulnerabilities in this update are actively exploited or classified as zero-day vulnerabilities.
The Exploitability column for all CVEs lists “Exploitation Unlikely” or “Exploitation Less Likely,” indicating no known active exploitation at the time of release.
CVE ID | Description | Severity | Impact | Exploitation Status |
---|---|---|---|---|
CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | Critical | Information Disclosure | No |
CVE-2025-36350 | AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | Critical | Information Disclosure | No |
CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | Critical | Information Disclosure | No |
CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | Remote Code Execution | No |
CVE-2025-26636 | Windows Kernel Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-33054 | Remote Desktop Spoofing Vulnerability | Important | Spoofing | No |
CVE-2025-47159 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-21195 | Azure Service Fabric Runtime Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47971 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47972 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47976 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47984 | Windows GDI Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-47985 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47986 | Universal Print Management Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48824 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49657 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49658 | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49661 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49670 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49671 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49672 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49674 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49676 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49677 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49686 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49687 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49688 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49689 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49690 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49691 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49694 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47991 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47993 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47994 | Microsoft Office Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48812 | Microsoft Excel Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49711 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49716 | Windows Netlogon Denial of Service Vulnerability | Important | Denial of Service | No |
CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49721 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability | Important | Tampering | No |
CVE-2025-49726 | Windows Notification Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49731 | Microsoft Teams Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47178 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49753 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49756 | Office Developer Platform Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-47973 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47975 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-1980-0000 | Windows Kerberos Denial of Service Vulnerability | Important | Denial of Service | No |
CVE-2025-47982 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47996 | Windows MBT Transport Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47998 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-48000 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48001 | BitLocker Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-48002 | Windows Hyper-V Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-48003 | BitLocker Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48800 | BitLocker Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-48802 | Windows SMB Server Spoofing Vulnerability | Important | Spoofing | No |
CVE-2025-48803 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48804 | BitLocker Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-48805 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-48806 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-48808 | Windows Kernel Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-48809 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-48810 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-48811 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48814 | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-48815 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48816 | HID Class Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48817 | Remote Desktop Client Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-48818 | BitLocker Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-48819 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48820 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48821 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-48823 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49659 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49660 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49663 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49664 | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49665 | Workspace Broker Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49666 | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49667 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49669 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49673 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49675 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49678 | NTFS Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49679 | Windows Shell Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49680 | Windows Performance Recorder (WPR) Denial of Service Vulnerability | Important | Denial of Service | No |
CVE-2025-49681 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49682 | Windows Media Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49683 | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49684 | Windows Storage Port Driver Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49685 | Windows Search Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49693 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49699 | Microsoft Office Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49700 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49701 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49705 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | Important | Spoofing | No |
CVE-2025-49714 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49718 | Microsoft SQL Server Information Disclosure Vulnerability | Important | Information Disclosure | No |
CVE-2025-49722 | Windows Print Spooler Denial of Service Vulnerability | Important | Denial of Service | No |
CVE-2025-49724 | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49725 | Windows Notification Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49727 | Win32k Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49729 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49730 | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49732 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49733 | Win32k Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47999 | Windows Hyper-V Denial of Service Vulnerability | Important | Denial of Service | No |
CVE-2025-49737 | Microsoft Teams Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49738 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49739 | Visual Studio Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability | Important | Security Feature Bypass | No |
CVE-2025-49742 | Windows Graphics Component Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49744 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | Elevation of Privilege | No |
CVE-2025-47988 | Azure Monitor Agent Remote Code Execution Vulnerability | Important | Remote Code Execution | No |
CVE-2025-49760 | Windows Storage Spoofing Vulnerability | Moderate | Spoofing | No |
Key Affected Products and Services
The vulnerabilities impact a broad array of Microsoft products, including:
- Windows Components: Windows Kernel, Windows BitLocker, Windows SSDP Service, Windows Hyper-V, and Windows Routing and Remote Access Service (RRAS).
- Microsoft Office Suite: Vulnerabilities in Excel, Word, PowerPoint, and SharePoint, with several allowing RCE or privilege escalation.
- Cloud and Enterprise Services: Azure Monitor Agent, Microsoft Intune, and SQL Server.
- Development Tools: Visual Studio and Visual Studio Code Python extension.
- Browsers: Microsoft Edge (Chromium-based).
For 120 of the 130 Microsoft CVEs, Microsoft has provided FAQs to guide users on patching and mitigation strategies.
No workarounds are listed for any of the vulnerabilities, indicating that applying the security updates is the primary mitigation strategy.
Only two CVEs (CVE-2025-47981 and CVE-2025-49724) have specific mitigations listed, suggesting that most vulnerabilities require patching to address risks fully.