Microsoft’s June 2025 Patch Tuesday Addresses 11 Critical Vulnerabilities and Two Zero-Days

Microsoft has released its June 2025 Patch Tuesday security updates, addressing a total of 67 vulnerabilities. This includes one actively exploited zero-day and one publicly disclosed vulnerability. Of the updates issued, 11 are rated “Critical” and 56 are rated “Important” in severity. This breakdown includes 26 remote code execution, 17 information disclosure, and 14 privilege escalation vulnerabilities.

Actively Exploited Zero-day:

• CVE-2025-33053 – A remote code execution (RCE) vulnerability in the Web Distributed Authoring and Versioning (WEBDAV) component of Windows. An attacker with local network access could trick a user into executing code which in turn exploits a file path-handling error in WEBDAV to give the attacker remote takeover capability.

Microsoft has not disclosed how long the exploit has been active or the number of confirmed attacks.

Security researchers have attributed the in-the-wild exploitation to an APT group called “Stealth Falcon” (aka FruityArmor) known for spear-phishing campaigns targeting organizations in the Middle East and Africa. High-profile victims have been observed in Turkey, Qatar, Egypt, and Yemen, particularly in the government and defense sectors.

Publicly Disclosed Zero-Day: 

• CVE-2025-33073 – An elevation of privilege condition in Windows SMB Client caused by an improper access control error.

Microsoft has not provided details on how the vulnerability was disclosed. However, open sources report that DFN-CERT (Computer Emergency Response Team of the German Research Network) began circulating warnings originating from RedTeam Pentesting.

The complete list of all the other vulnerabilities released for Microsoft’s June 2025 Patch Tuesday update can be found here.