Full Report
Microsoft’s Patch Tuesday updates for June 2025 include fixes for an actively exploited zero-day vulnerability and nine additional flaws at high risk of exploitation. In all, the Microsoft Patch Tuesday June 2025 release note included fixes for 68 vulnerabilities, plus three non-Microsoft CVEs affecting Windows Secure Boot and Chromium-based Edge. The highest-rated vulnerability included in the update – a 9.8-severity Power Automate Elevation of Privilege vulnerability (CVE-2025-47966) – was fixed earlier this month. Microsoft Patch Tuesday June 2025: Zero-Day, High-risk Flaws The exploited zero-day – CVE-2025-33053, an 8.8-rated Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution vulnerability – was reported by Check Point researchers, who discovered the flaw being used in an attempted cyberattack against a defense company in Turkey. In the attack, the advanced persistent threat (APT) group Stealth Falcon used a .url file that exploited the zero-day vulnerability to execute malware from a threat actor-controlled WebDAV server, the researchers said. The nine vulnerabilities designated “Exploitation More Likely” by Microsoft include: CVE-2025-32713, a 7.8-rated Windows Common Log File System Driver Elevation of Privilege vulnerability. It’s the third straight Patch Tuesday with at least one high-risk CLFS vulnerability, following the April and May updates. CVE-2025-32714, a 7.8-rated Windows Installer Elevation of Privilege vulnerability CVE-2025-32717, an 8.4-severity Microsoft Word Remote Code Execution vulnerability CVE-2025-33070, an 8.1-rated Windows Netlogon Elevation of Privilege vulnerability CVE-2025-33071, an 8.1-severity Windows Kerberos Key Distribution Center Proxy Service (KPSSVC) Remote Code Execution vulnerability CVE-2025-47162, an 8.4-rated Microsoft Office Remote Code Execution vulnerability (Heap-based Buffer Overflow) CVE-2025-47164, which is also an 8.4-rated Microsoft Office Remote Code Execution vulnerability (Use After Free) CVE-2025-47167, another 8.4-severity Microsoft Office Remote Code Execution vulnerability (Type Confusion) CVE-2025-47962, a 7.8-rated Windows SDK Elevation of Privilege vulnerability Other Vendors Issuing Patch Tuesday Fixes Microsoft isn’t the only vendor issuing fixes on the second Tuesday of each month, as many others have taken up the practice too. Other noteworthy patch announcements were issued by: Ivanti, which patched three Ivanti Workspace Control flaws SAP, which included a 9.6-severity NetWeaver Application Server for ABAP Missing Authorization Check vulnerability (CVE-2025-42989) Fortinet, which fixed an OS Command Injection vulnerability
Analysis Summary
# Vulnerability: June 2025 Microsoft Patch Tuesday Summary (Selected High-Risk Flaws)
## CVE Details
This summary focuses on the specific Microsoft CVEs detailed in the article. Note that the article lists multiple flaws, but does not specify which one is the "Zero-Day" mentioned in the headline.
| CVE ID | CVSS Score | Severity | CWE (Implied) |
| :--- | :--- | :--- | :--- |
| CVE-2025-33070 | 8.1 | High | Elevation of Privilege |
| CVE-2025-33071 | 8.1 | High | Remote Code Execution |
| CVE-2025-47162 | 8.4 | High | Remote Code Execution (Heap-based Buffer Overflow) |
| CVE-2025-47164 | 8.4 | High | Remote Code Execution (Use After Free) |
| CVE-2025-47167 | 8.4 | High | Remote Code Execution (Type Confusion) |
| CVE-2025-47962 | 7.8 | High | Elevation of Privilege |
## Affected Systems
- **Products (Microsoft):** Windows (Netlogon, KPPSVC), Microsoft Office, Windows SDK.
- **Versions:** Specific vulnerable versions are not detailed in the summary text, but coverage implies a broad range of affected Windows and Office installations prior to patching.
- **Configurations:**
- CVE-2025-33070: Affects Windows Netlogon component.
- CVE-2025-33071: Affects Windows Kerberos Key Distribution Center Proxy Service (KPSSVC).
## Vulnerability Description
The June 2025 Microsoft Patch Tuesday addressed numerous high-risk flaws, including one zero-day actively being addressed. Key categories of flaws include:
1. **Elevation of Privilege (EoP):** Vulnerabilities in Windows Netlogon (CVE-2025-33070) and the Windows SDK (CVE-2025-47962).
2. **Remote Code Execution (RCE):** Critical flaws found in Microsoft Office, specifically detailed as Heap-based Buffer Overflow (CVE-2025-47162), Use After Free (CVE-2025-47164), and Type Confusion (CVE-2025-47167). RCE was also found in the Windows Kerberos Proxy Service (CVE-2025-33071).
## Exploitation
- **Status:** The article explicitly mentions **One Zero-Day** was fixed, indicating that at least one vulnerability (which is unspecified in the provided text) was likely being actively exploited in the wild prior to patching.
- **Complexity:** Several flaws are RCE/EoP with high CVSS scores (8.1 - 8.4), suggesting **Medium to High** complexity for reliable exploitation, though the zero-day status implies weaponization.
- **Attack Vector:** Likely Network (RCE via Office/KPSSVC) and Local/Network (EoP flaws).
## Impact
For the documented high-severity RCE and EoP flaws:
- **Confidentiality:** High (Potential for unauthorized access to data via RCE).
- **Integrity:** High (Potential for modification of system state or files via RCE/EoP).
- **Availability:** Medium to High (System alteration or service disruption possible via EoP or successful RCE).
## Remediation
### Patches
Organizations must apply the relevant updates released during the June 2025 Microsoft Patch Tuesday cycle. Specific patch identifiers or installation instructions require consulting the linked MSRC advisories.
The following Microsoft CVEs should be prioritized for patching:
- CVE-2025-33070 (Patch available)
- CVE-2025-33071 (Patch available)
- CVE-2025-47162 (Patch available)
- CVE-2025-47164 (Patch available)
- CVE-2025-47167 (Patch available)
- CVE-2025-47962 (Patch available)
### Workarounds
No specific workarounds for the individual Microsoft CVEs are mentioned in this summary text. Immediate patching is strongly recommended, especially for the suspected zero-day.
## Detection
- **Indicators of Compromise:** Dependent on the specific exploited vulnerability. For the Netlogon/Kerberos flaws, monitoring unexpected Kerberos traffic or privilege escalation attempts would be relevant. For Office RCEs, monitoring macro execution or external file processing attempts is key.
- **Detection Methods and Tools:** Standard endpoint detection and response (EDR) solutions should be updated to recognize signatures associated with the June updates. Prioritize vulnerability scanning to confirm patch application status.
## References
- Microsoft Security Response Center (MSRC) advisories for June 2025 (Referenced via CVE links in the source text).
- [Microsoft Patch Tuesday June 2025: One Zero-Day, Nine High-risk Flaws Fixed](https://thecyberexpress com/microsoft-patch-tuesday-june-2025/)
- [Ivanti Security Advisory for CVE-2025-5353, CVE-2025-22463, CVE-2025-22455](https://forums ivanti com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455)
- [SAP Security Notes News - June 2025 (Including CVE-2025-42989)](https://support sap com/en/my-support/knowledge-base/security-notes-news/june-2025 html)
- [Fortinet PSIRT Advisory FG-IR-23-167](https://www fortiguard com/psirt/FG-IR-23-167)