Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Monthly Patch

May 2025 Monthly Patch

14 May 2025

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-May

Critical Vulnerabilities

CVE Number

CVE Name

Base Score

Reference

CVE-2025-29813

Azure DevOps Server Elevation of Privilege Vulnerability

10.0

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-29813

CVE-2025-29972

Azure Storage Resource Provider Spoofing Vulnerability

9.9

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-29972

CVE-2025-29827

Azure Automation Elevation of Privilege Vulnerability

9.9

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-29827

CVE-2025-47733

Microsoft Power Apps Information Disclosure Vulnerability

9.1

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-47733

CVE-2025-29967

Remote Desktop Client Remote Code Execution Vulnerability

8.8

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-29967

CVE-2025-29966

Remote Desktop Client Remote Code Execution Vulnerability

8.8

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-29966

CVE-2025-47732

Microsoft Dataverse Remote Code Execution Vulnerability

8.7

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-47732

CVE-2025-30386

Microsoft Office Remote Code Execution Vulnerability

8.4

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-30386

CVE-2025-30377

Microsoft Office Remote Code Execution Vulnerability

8.4

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-30377

CVE-2025-33072

Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability

8.1

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-33072

CVE-2025-29833

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

7.1

https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-29833

Back to top