Microsoft June 2025 Patch Tuesday – 67 Vulnerabilities Fixed Including 2 Zero-Days
Summary: Microsoft’s June 2025 Patch Tuesday addresses a total of 67 vulnerabilities across its product ecosystem. Critical flaws in WebDAV, SMB, SharePoint and Remote Desktop Services highlight the urgency of installing this month’s updates.
OEM | Microsoft |
Severity | Critical |
Date of Announcement | 2025-06-10 |
No. of Vulnerabilities Patched | 67 |
Actively Exploited | Yes |
Exploited in Wild | Yes |
Advisory Version | 1.0 |
Overview
The updates cover multiple high-risk flaws and two zero-day vulnerabilities, one actively exploited and one publicly disclosed, affecting core components like Windows WebDAV and the SMB Client.
- 67 Microsoft CVEs addressed
- 3 non-Microsoft CVEs addressed
Breakdown of May 2025 Vulnerabilities
- 25 Remote Code Execution (RCE)
- 17 Information Disclosure
- 14 Elevation of Privilege (EoP)
- 6 Denial of Service (DoS)
- 3 Security Feature Bypass
- 2 Spoofing
- 2 Chromium (Edge) Vulnerabilities
- 1 Windows Secure Boot
Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
WebDAV Remote Code Execution (Exploited in the wild) | CVE-2025-33053 | Windows | High | 8.8 |
SMB Client Elevation of Privilege (Publicly disclosed) | CVE-2025-33073 | Windows | High | 8.8 |
Technical Summary
Two zero-day vulnerabilities in Microsoft’s ecosystem were addressed in June 2025. One of these, CVE-2025-33053, has been exploited in the wild and affects the deprecated but still present WebDAV component in Windows. The other, CVE-2025-33073, was publicly disclosed and affects the Windows SMB client, enabling attackers to elevate privileges.
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2025-33053 | Windows 10, 11 and Windows Server | WebDAV RCE triggered when a user clicks a malicious link. Exploited by APT group “Stealth Falcon.” Exploitation complexity is low. | Remote Code Execution |
CVE-2025-33073 | Windows 10, 11 and Windows Server | EoP flaw in SMB Client. Exploitation may occur by connecting to a malicious SMB server. Privilege elevation to SYSTEM is possible. | Elevation of Privilege |
Source: Microsoft and NVD
In addition to the zero-day vulnerabilities, several other critical and high-severity issues were addressed:
- CVE-2025-47162, CVE-2025-47164, CVE-2025-47167: Microsoft Office, Preview Pane-based RCE vulnerabilities, exploitation more likely (CVSS 8.4)
- CVE-2025-47172: Microsoft SharePoint Server, SQL injection-based RCE (CVSS 8.8)
- CVE-2025-29828: Windows Cryptographic Services, memory release issue (CVSS 8.1)
- CVE-2025-32710: Windows Remote Desktop Services, use-after-free vulnerability (CVSS 8.1)
- CVE-2025-29976: Microsoft SharePoint, Local privilege escalation (CVSS 7.8)
- CVE-2025-30393: Microsoft Excel, RCE via malicious Excel file (CVSS 7.8)
- CVE-2025-24063: Windows Kernel, Local privilege escalation, marked “Exploitation More Likely” (CVSS 7.8)
- CVE-2025-32702: Visual Studio, Command injection RCE via malicious project file (CVSS 7.8)
- CVE-2025-26685: Microsoft Defender for Identity, Spoofing via NTLM fallback, exploitable in adjacent networks (CVSS 6.5)
Remediation:
- Apply Patches Promptly: Install the June 2025 security updates immediately to mitigate risks.
General Recommendations:
- Prioritize Zero-Days: Focus on patching the two confirmed zero-day vulnerabilities, especially those allowing Elevation of Privilege and remote code execution.
- Disable Deprecated Services: If not required, disable WebDAV (WebClient service) and SMBv1 to reduce exposure.
- Enforce SMB Signing: Use Group Policy to mandate SMB signing, reducing the risk from CVE-2025-33073.
- Monitor for Exploitation Attempts: Watch for suspicious SMB or WebDAV traffic in logs and endpoint detection systems.
- Enable Auto Updates Where Feasible: For individual endpoints and less tightly controlled systems, enable automatic updates to maintain a regular patch schedule.
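One way to check a host against the WebDAV, SMBv1 and SMB signing recommendations above, as an added example that is not part of the original advisory or Microsoft guidance: a PowerShell audit that reports each setting and the local command that would correct it. The function names are hypothetical, and the remediation strings are local equivalents of the Group Policy approach the advisory recommends.

```powershell
# Added example (not from the advisory). Run elevated on the host being checked.
function New-Finding($Check, $Actual, [bool]$Compliant, $Fix) {
    [pscustomobject]@{ Check = $Check; Actual = $Actual; Compliant = $Compliant; Remediation = $Fix }
}

function Get-SmbWebDavHardeningStatus {   # hypothetical function name
    # WebDAV client = WebClient service; it can start on demand unless Disabled.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        New-Finding 'WebClient service' 'NotInstalled' $true $null
    } else {
        $ok = ($svc.StartType -eq 'Disabled') -and ($svc.Status -ne 'Running')
        New-Finding 'WebClient service' "$($svc.StartType)/$($svc.Status)" $ok `
            'Stop-Service WebClient; Set-Service WebClient -StartupType Disabled'
    }

    # SMBv1 optional feature (covers the client and server components).
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feat) {
        New-Finding 'SMBv1 optional feature' "$($feat.State)" ($feat.State -ne 'Enabled') `
            'Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart'
    }

    # SMBv1 on the SMB server, plus the signing requirement in both directions.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    New-Finding 'SMB server: SMB1 enabled' $server.EnableSMB1Protocol `
        (-not $server.EnableSMB1Protocol) `
        'Set-SmbServerConfiguration -EnableSMB1Protocol $false'
    New-Finding 'SMB server: signing required' $server.RequireSecuritySignature `
        ([bool]$server.RequireSecuritySignature) `
        'Set-SmbServerConfiguration -RequireSecuritySignature $true'
    # Client-side signing is the setting the advisory ties to CVE-2025-33073.
    New-Finding 'SMB client: signing required' $client.RequireSecuritySignature `
        ([bool]$client.RequireSecuritySignature) `
        'Set-SmbClientConfiguration -RequireSecuritySignature $true'
}

# Print one row per check; rows with Compliant = False need attention.
Get-SmbWebDavHardeningStatus | Format-Table -AutoSize -Wrap
```

Where signing is enforced through Group Policy, change the policy rather than running the local `Set-Smb*Configuration` commands, since the policy will overwrite local changes.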
Conclusion:
Microsoft’s June 2025 Patch Tuesday addresses two important zero-day vulnerabilities, including an actively exploited RCE in WebDAV tracked as CVE-2025-33053.
Organizations should prioritize these patches to mitigate risk from real-world threats. The CVE-2025-33053 vulnerability has also been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, emphasizing its urgency.