Microsoft Monthly Security Update (May 2025)

Release Date: 14 May 2025

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable Product	Risk Level	Impacts	Notes
Browser	Low Risk	Spoofing
Developer Tools	Medium Risk	Spoofing Information Disclosure Security Restriction Bypass Remote Code Execution Elevation of Privilege
System Center	Medium Risk	Elevation of Privilege Spoofing
Windows	Extremely High Risk	Information Disclosure Remote Code Execution Denial of Service Elevation of Privilege Security Restriction Bypass	CVE-2025-30397 is being exploited in the wild. An attacker who successfully exploited this vulnerability can initiate remote code execution. CVE-2025-30400 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32701 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32706 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32709 is being exploited in the wild. This vulnerability allows local attackers to gain administrator privileges on the device/system.
Extended Security Updates (ESU)	Extremely High Risk	Information Disclosure Remote Code Execution Denial of Service Elevation of Privilege	CVE-2025-30397 is being exploited in the wild. An attacker who successfully exploited this vulnerability can initiate remote code execution. CVE-2025-32701 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32706 is being exploited in the wild. This vulnerability allows local attackers to gain SYSTEM privileges on the device/system. CVE-2025-32709 is being exploited in the wild. This vulnerability allows local attackers to gain administrator privileges on the device/system.
Azure	Medium Risk	Elevation of Privilege Information Disclosure Spoofing
Apps	Medium Risk	Elevation of Privilege
Microsoft Office	Medium Risk	Elevation of Privilege Remote Code Execution
Microsoft Dynamics	Medium Risk	Elevation of Privilege Remote Code Execution

 

Number of 'Extremely High Risk' product(s): 2

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Extremely High Risk

---

Impact

• Remote Code Execution
• Denial of Service
• Elevation of Privilege
• Information Disclosure
• Security Restriction Bypass
• Spoofing

---

System / Technologies affected

• Windows
• System Center
• Microsoft Office
• Microsoft Dynamics
• Extended Security Updates (ESU)
• Developer Tools
• Browser
• Azure
• Apps

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

•  Apply fixes issued by the vendor.

---

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2025&month=05

---

Source

• Microsoft

---

Related Link

• https://msrc.microsoft.com/update-guide/releaseNote/2025-May