Microsoft’s June 2025 Patch Tuesday includes security updates for 66 vulnerabilities, including one actively exploited zero-day and one publicly disclosed flaw. Of these, ten are classified as critical, with eight tied to remote code execution (RCE) vulnerabilities and two to elevation of privilege issues.
Breakdown of Vulnerabilities
This month’s patch cycle includes the following:
- 13 Elevation of Privilege (EoP) vulnerabilities
- 25 Remote Code Execution (RCE) vulnerabilities
- 17 Information Disclosure vulnerabilities
- 6 Denial of Service (DoS) vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
This tally excludes earlier patches for Microsoft Edge, Mariner, and Power Automate. Non-security updates released include Windows 11 KB5060842 and KB5060999, and Windows 10 KB5060533.
Zero-Day Vulnerabilities
Two zero-days are addressed in this cycle—one actively exploited and one publicly disclosed.
CVE-2025-33053 | WEBDAV Remote Code Execution Vulnerability
Affects: Microsoft Web Distributed Authoring and Versioning (WEBDAV)
This actively exploited zero-day allows attackers to achieve remote code execution when a user clicks a specially crafted WebDAV URL. The flaw was used by the APT group “Stealth Falcon” in an attack targeting a defense company in Turkey. Attackers abused a legitimate Windows utility to run files hosted on a malicious WebDAV server.
CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability
Affects: Windows SMB Client
This publicly disclosed flaw allows an attacker to gain SYSTEM privileges by coercing a victim’s device to authenticate to an attacker-controlled SMB server using a crafted script. Mitigation is possible through Group Policy by enforcing SMB signing on the server side.
Other Critical Vulnerabilities
This month’s update also includes eight other critical RCE flaws affecting various components, though Microsoft has not disclosed exploitation details. These vulnerabilities carry significant risk, especially in enterprise environments where legacy services or exposed protocols may still be in use.
Adobe and Other Vendor Updates
Major vendors also released important security patches this month:
- Adobe: Updates for InCopy, Acrobat Reader, Substance 3D Suite, InDesign, and Experience Manager
- Cisco: Fixes for vulnerabilities with public exploit code in Identity Services Engine (ISE) and Customer Collaboration Platform (CCP)
- Fortinet: Patched OS command injection flaws in FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData
- Google: Addressed a Chrome zero-day and multiple Android vulnerabilities
- HPE: Issued updates for StoreOnce, addressing eight flaws
- Ivanti: Fixed three hardcoded key vulnerabilities in Workspace Control (IWC)
- Qualcomm: Patched three zero-days in Adreno GPU drivers exploited in targeted attacks
- Roundcube: Released a fix for an RCE flaw with a public exploit now used in active attacks
- SAP: Patched multiple flaws, including a critical authorization bypass in SAP NetWeaver Application Server for ABAP
Recommendations for Users and Administrators
The June 2025 update addresses high-impact vulnerabilities that affect Windows core services, remote access protocols, and built-in utilities. Organizations should prioritize patching for systems exposed to SMB and WebDAV traffic, particularly given the real-world exploitation of CVE-2025-33053.
Enforcing SMB signing, restricting outbound SMB connections, and auditing WebDAV usage in the environment are prudent steps alongside patch deployment. Security teams should also review updates from vendors such as Cisco, Fortinet, and Qualcomm, especially where known exploitation is occurring.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
