July 2025 was Microsoft's most active Patch Tuesday since January. The company addressed a total of 130 Microsoft Common Vulnerabilities and Exposures (CVEs), twice as many as in June. The month was significant not just for the volume of patches but also for the severity of several vulnerabilities, including 17 categorized as high risk for exploitation.
Overview of High-Risk Vulnerabilities in July 2025 Patch Update
The most critical vulnerability identified this month is CVE-2025-47981, a remote code execution (RCE) flaw with a severity rating of 9.8. It affects Windows 10 versions 1607 and later, specifically the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. The flaw is a heap-based buffer overflow, exposed by a default-enabled Group Policy Object that permits online identity authentication requests. An attacker could exploit it by sending a crafted message to the server, which could lead to remote execution of malicious code.
Several vulnerabilities in Microsoft Office and SharePoint were also classified as high-risk, with two significant RCE vulnerabilities in each. For Microsoft Office, CVE-2025-49695 is categorized as a Use After Free vulnerability and CVE-2025-49696 as an Out-of-bounds Read/Heap-based Buffer Overflow. Both vulnerabilities have a severity rating of 8.4 and allow attackers to execute code remotely without requiring user interaction. Notably, security updates for Microsoft Office LTSC for Mac 2021 and 2024 are still in development and will be issued as soon as feasible.
In SharePoint, CVE-2025-49701 is an improper authorization flaw rated 8.8, and CVE-2025-49704 is a code injection issue also rated 8.8.
Additional Vulnerabilities to Watch
Beyond the high-profile issues, other notable vulnerabilities warrant attention. CVE-2025-49724 is an 8.8-rated remote code execution vulnerability in the Windows Connected Devices Platform Service. CVE-2025-49735, in the Windows KDC Proxy Service, is a remote code execution vulnerability with an 8.1 severity rating.
Other vulnerabilities of note include:
- CVE-2025-47978, a Windows Kerberos denial-of-service issue with a severity rating of 6.5.
- CVE-2025-47987 and CVE-2025-48799, both rated 7.8; the former is an elevation of privilege in the Credential Security Support Provider Protocol (CredSSP), while the latter is related to the Windows Update Service.
- A series of BitLocker security feature bypass vulnerabilities (CVE-2025-48800, CVE-2025-48001, CVE-2025-48804, and CVE-2025-48818), all scoring 6.8.
- CVE-2025-49718, an information disclosure vulnerability in Microsoft SQL Server with a severity rating of 7.5.
- CVE-2025-49727 and CVE-2025-49744, elevation-of-privilege vulnerabilities linked to graphical components, both rated 7.0.
Other Vendors’ Updates on Patch Tuesday
Microsoft wasn't alone in announcing updates: other IT vendors also released patches on the second Tuesday of the month. The industry consistently stresses keeping software up to date, since regular patching can significantly reduce the risk of cyber threats.
As businesses continue to rely on technology for everyday operations, prioritizing cybersecurity through timely updates is critical.


