June 2025 Security Updates
This release consists of the following 70 Microsoft CVEs:
| Tag | CVE | Base Score | CVSS Vector | Exploitability | FAQs? | Workarounds? | Mitigations? |
|---|---|---|---|---|---|---|---|
| Windows Storage Management Provider | CVE-2025-24065 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-24068 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-24069 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Cryptographic Services | CVE-2025-29828 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| .NET and Visual Studio | CVE-2025-30399 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Remote Desktop Services | CVE-2025-32710 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| M365 Copilot | CVE-2025-32711 | 9.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Win32K - GRFX | CVE-2025-32712 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Common Log File System Driver | CVE-2025-32713 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Windows Installer | CVE-2025-32714 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Remote Desktop Client | CVE-2025-32715 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Media | CVE-2025-32716 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Office Word | CVE-2025-32717 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Windows SMB | CVE-2025-32718 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-32719 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-32720 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Recovery Driver | CVE-2025-32721 | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Port Driver | CVE-2025-32722 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-32724 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | No | No | No |
| Windows DHCP Server | CVE-2025-32725 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows DHCP Server | CVE-2025-33050 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
| Windows DWM Core Library | CVE-2025-33052 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Internet Shortcut Files | CVE-2025-33053 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Exploitation Detected | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33055 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2025-33056 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
| Windows Local Security Authority (LSA) | CVE-2025-33057 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
| Windows Storage Management Provider | CVE-2025-33058 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33059 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33060 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33061 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33062 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33063 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33064 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Storage Management Provider | CVE-2025-33065 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33066 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Kernel | CVE-2025-33067 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Standards-Based Storage Management Service | CVE-2025-33068 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | No | No | No |
| App Control for Business (WDAC) | CVE-2025-33069 | 5.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Netlogon | CVE-2025-33070 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-33071 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Windows SMB | CVE-2025-33073 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Installer | CVE-2025-33075 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Shell | CVE-2025-47160 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office | CVE-2025-47162 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Microsoft Office SharePoint | CVE-2025-47163 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office | CVE-2025-47164 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-47165 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Office SharePoint | CVE-2025-47166 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office | CVE-2025-47167 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Microsoft Office Word | CVE-2025-47168 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Word | CVE-2025-47169 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Word | CVE-2025-47170 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Outlook | CVE-2025-47171 | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Office SharePoint | CVE-2025-47172 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office | CVE-2025-47173 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-47174 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office PowerPoint | CVE-2025-47175 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Outlook | CVE-2025-47176 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Office | CVE-2025-47953 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Remote Access Connection Manager | CVE-2025-47955 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Security App | CVE-2025-47956 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Word | CVE-2025-47957 | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Visual Studio | CVE-2025-47959 | 7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows SDK | CVE-2025-47962 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Power Automate | CVE-2025-47966 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | N/A | Yes | No | No |
| Microsoft AutoUpdate (MAU) | CVE-2025-47968 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Hello | CVE-2025-47969 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Nuance Digital Engagement Platform | CVE-2025-47977 | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
We are republishing 7 non-Microsoft CVEs:
| CNA | Tag | CVE | FAQs? | Workarounds? | Mitigations? |
|---|---|---|---|---|---|
| CERT/CC | Windows Secure Boot | CVE-2025-3052 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-5068 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-5419 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-5958 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-5959 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-6191 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-6192 | Yes | No | No |
Security Update Guide Blog Posts
| Date | Blog Post |
|---|---|
| November 12, 2024 | Toward greater transparency: Publishing machine-readable CSAF files |
| June 27, 2024 | Toward greater transparency: Unveiling Cloud Service CVEs |
| April 9, 2024 | Toward greater transparency: Security Update Guide now shares CWEs for CVEs |
| January 6, 2023 | Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API |
| January 11, 2022 | Coming Soon: New Security Update Guide Notification System |
| February 9, 2021 | Continuing to Listen: Good News about the Security Update Guide API |
| January 13, 2021 | Security Update Guide Supports CVEs Assigned by Industry Partners |
| December 8, 2020 | Security Update Guide: Let’s keep the conversation going |
| November 9, 2020 | Vulnerability Descriptions in the New Version of the Security Update Guide |
Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
| KB Article | Applies To | |
|---|---|---|
| 5002683 | Microsoft Office Outlook 2016 | |
| 5002735 | Excel 2016 | |
| 5002736 | SharePoint Server Subscription Edition | |
| 5058379 | Windows 10, version 21H2, Windows 10, version 22H2 | |
| 5058392 | Windows 10, version 1809, Windows Server 2019 | |
| 5058429 | Windows Server 2008 (Security-only update) | |
| 5058449 | Windows Server 2008 (Monthly Rollup) | |
| 5060533 | Windows 10, version 21H2, Windows 10, version 22H2 | |
| 5060842 | Windows 11, version 24H2 | |
| 5060999 | Windows 11, version 22H2, Windows 11, version 23H2 | |
| 5061026 | Windows Server 2008 (Monthly Rollup) | |
| 5061072 | Windows Server 2008 (Security-only update) |
Released: Jun 27, 2025
How satisfied are you with the MSRC Security Update Guide?