May 2025 Monthly Patch

14 May 2025

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-May

Critical Vulnerabilities

CVE Number	CVE Name	Base Score	Reference
CVE-2025-29813	Azure DevOps Server Elevation of Privilege Vulnerability	10.0	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-29813
CVE-2025-29972	Azure Storage Resource Provider Spoofing Vulnerability	9.9	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-29972
CVE-2025-29827	Azure Automation Elevation of Privilege Vulnerability	9.9	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-29827
CVE-2025-47733	Microsoft Power Apps Information Disclosure Vulnerability	9.1	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47733
CVE-2025-29967	Remote Desktop Client Remote Code Execution Vulnerability	8.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-29967
CVE-2025-29966	Remote Desktop Client Remote Code Execution Vulnerability	8.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-29966
CVE-2025-47732	Microsoft Dataverse Remote Code Execution Vulnerability	8.7	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47732
CVE-2025-30386	Microsoft Office Remote Code Execution Vulnerability	8.4	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-30386
CVE-2025-30377	Microsoft Office Remote Code Execution Vulnerability	8.4	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-30377
CVE-2025-33072	Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability	8.1	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-33072
CVE-2025-29833	Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability	7.1	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-29833

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

May 2025 Monthly Patch

Reach us