Microsoft’s June Patch Tuesday: 66 Fixes, Including Critical and Weaponized Threats
The release consists of:
- 10 Critical and 56 Important fixes.
- Coverage across Windows, Microsoft Office, SharePoint, Power Automate, WebDAV, Windows Routing and Remote Access Service (RRAS), and more.
- A combined CVSS score of 476.4, with an average severity of 7.2.
Robert Brown, Senior Director of Professional Services at Absolute, emphasizes the importance of prioritization in vulnerability management.
Watch now: Patch Tuesday June 2025 Webinar
Patch Tuesday Review: Top 5 Vulnerabilities You Need to Know
As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritize addressing them immediately.
CVE-2025-47966: Power Automate Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 9.8
- Attack Vector: Network | Privileges Required: None
- User Interaction: None | Complexity: Low
The Power Automate Elevation of Privilege Vulnerability is a security flaw that allows an attacker with network access and no privileges to elevate their access rights on the target system. Exploiting this vulnerability could allow a malicious actor to gain administrative or system-level control, potentially compromising sensitive data and critical processes. Timely patching is strongly recommended.
CVE-2025-33053: Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Weaponized, Not Publicly Known
- Severity: Important | CVSS Score: 8.8
- Attack Vector: Network | Privileges Required: None
- User Interaction: Required | Complexity: Low
The Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability is a critical vulnerability that allows an attacker to remotely execute malicious code on vulnerable systems. By exploiting this issue, attackers could install malware, steal data, or take control of affected systems over the network.
CVE-2025-33073: Windows SMB Client Elevation of Privilege Vulnerability
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Not Weaponized, Publicly Known
- Severity: Important | CVSS Score: 8.8
- Attack Vector: Network | Privileges Required: Low
- User Interaction: None | Complexity: Low
The Windows SMB Client Elevation of Privilege Vulnerability is a security flaw that allows an attacker with network access and low privileges to elevate their access rights on the target system. Exploiting this vulnerability could allow a malicious actor to gain administrative or system-level control, potentially compromising sensitive data and critical processes.
CVE-2025-47172: Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL Injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 8.8
- Attack Vector: Network | Privileges Required: Low
- User Interaction: None | Complexity: Low
The Microsoft SharePoint Server Remote Code Execution Vulnerability is a critical vulnerability that allows an attacker to remotely execute malicious code on vulnerable systems. By exploiting this issue, attackers could install malware, steal data, or take control of affected systems over the network.
CVE-2025-33064: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Not Weaponized, Not Publicly Known
- Severity: Important | CVSS Score: 8.8
- Attack Vector: Network | Privileges Required: Low
- User Interaction: None | Complexity: Low
The Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability is a critical vulnerability that allows an attacker to remotely execute malicious code on vulnerable systems. By exploiting this issue, attackers could install malware, steal data, or take control of affected systems over the network.
Final Thoughts
This month’s updates underscore the importance of a resilient patching strategy. With multiple critical vulnerabilities affecting widely deployed services like Power Automate, SharePoint, and RRAS, rapid identification and remediation should be your top priority. As always, weaponized threats demand immediate attention but don’t overlook high-severity flaws that can be chained in real-world attacks.
This month also includes a Scope = Changed vulnerability (CVE-2025-47977), which can enable privilege escalation across trust boundaries making it a priority for CISO attention.
Stay vigilant, patch smart, and ensure your endpoints are protected without overwhelming your IT teams.
See the June, 2025 Patch Tuesday Chart (PDF).
