Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. July 2025 Monthly Patch
Monthly Patch

July 2025 Monthly Patch

9 July 2025

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-Jul

CVE-2025-47981: Successful exploitation of the heap-based buffer overflow vulnerability could allow  an unauthorised attacker to perform remote code execution over a network by sending a malicious message to the server. This vulnerability affects versions of Windows client machines running Windows 10 version 1607 and later. Users of the affected products are advised to upgrade their Windows to the latest versions.

Critical Vulnerabilities

CVE Number

CVE Name

Base Score

Reference

CVE-2025-47981

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47981

CVE-2025-49704

Microsoft SharePoint Remote Code Execution Vulnerability

8.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49704

CVE-2025-48822

Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability

8.6

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-48822

CVE-2025-49717

Microsoft SQL Server Remote Code Execution Vulnerability

8.5

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49717

CVE-2025-49697

Microsoft Office Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49697

CVE-2025-49696

Microsoft Office Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49696

CVE-2025-49695

Microsoft Office Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49695

CVE-2025-49735

Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

8.1

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49735

CVE-2025-49703

Microsoft Word Remote Code Execution Vulnerability

7.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49703

CVE-2025-49698

Microsoft Word Remote Code Execution Vulnerability

7.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49698

CVE-2025-49702

Microsoft Office Remote Code Execution Vulnerability

7.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49702

CVE-2025-47980

Windows Imaging Component Information Disclosure Vulnerability

6.2

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47980

CVE-2025-36357

AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue

5.6

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-36357

CVE-2025-36350

AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue

5.6

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-36350

Back to top