Microsoft Patch Tuesday – May 2025

Today marks Microsoft’s Patch Tuesday for May 2025, addressing a total of 78 vulnerabilities. Among these, a few are actively being exploited. Most require the attacker to have local access, but one can be executed remotely if the attacker tricks a user into clicking a malicious link.

Notable Patch Tuesday vulnerabilities for May

  • CVE-2025-30397: This type confusion vulnerability in the Microsoft Scripting Engine could let an unauthorized remote attacker execute arbitrary code. The attack requires Microsoft Edge to be running in Internet Explorer mode and involves tricking the victim into clicking a link.
  • CVE-2025-30400: A use-after-free vulnerability in Windows DWM could allow a local attacker with authorization to escalate their privileges to the SYSTEM level.
  • CVE-2025-32701: This use-after-free vulnerability in the Windows Common Log File System Driver could enable a local authorized attacker to escalate their privileges to SYSTEM level.
  • CVE-2025-32706: Due to improper input validation in the Windows Common Log File System Driver, an authorized local attacker could escalate their privileges to SYSTEM level.
  • CVE-2025-32709: A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock could allow an authorized local attacker to escalate their privileges to administrator level.

For more detailed information on these and other vulnerabilities, please refer to the release notes.

About the Author

Marcus White, Cybersecurity Specialist, Outpost24

Marcus is an Outpost24 cybersecurity specialist based in the UK, with 8+ years of experience in the tech and cyber sectors. He writes about attack surface management, application security, threat intelligence, and compliance.