Today marks Microsoft Patch Tuesday for July 2025, addressing 137 vulnerabilities.

Key issues include an information disclosure vulnerability in Microsoft SQL Server and local code execution vulnerabilities in Microsoft Office. More details are provided below.

Notable Patch Tuesday vulnerabilities for July

• CVE-2025-49719: An information disclosure vulnerability in Microsoft SQL Server could allow attackers to access sensitive memory data due to uninitialized memory. A Proof of Concept (PoC) exploit is available, which may lead to increased exploitation attempts as details become public.
• CVE-2025-49695: This vulnerability, caused by improper memory management, could let attackers reallocate objects into readable memory space, potentially allowing malicious data to be processed as legitimate

For all the CVEs and more detailed patch information, check the release notes.

Need help addressing vulnerabilities similar to these in your own organization? Speak to an Outpost24 expert.