Microsoft’s August 2025 Patch Tuesday delivers fixes for 107 vulnerabilities. The update includes 13 critical, 91 important, one moderate and one low-severity CVE.
A key highlight is CVE-2025-53779, a moderate-severity Windows Kerberos elevation of privilege flaw known as BadSuccessor. Publicly disclosed in May, it allows an authenticated attacker with specific Active Directory permissions to escalate privileges and compromise the domain and forest.
Other notable fixes include:
- CVE-2025-49712: Important Microsoft SharePoint remote code execution flaw that requires Site Owner privileges, with a CVSSv3 score of 8.8.
- CVE-2025-53778: Critical NTLM elevation of privilege bug with a CVSSv3 score of 8.8, rated “Exploitation More Likely.”
- CVE-2025-50177, CVE-2025-53143, CVE-2025-53144, CVE-2025-53145: Microsoft Message Queuing remote code execution flaws. CVE-2025-50177 is rated critical and “Exploitation More Likely.”
Elevation of privilege vulnerabilities accounted for 39.3% of patches, followed by remote code execution at 32.7%. Microsoft advises immediate patching and regular scans to identify unpatched systems.
