Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
Today is Microsoft’s July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server.
This Patch Tuesday also fixes fourteen “Critical” vulnerabilities, ten of which are remote code execution vulnerabilities, one is an information disclosure, and two are AMD side channel attack flaws.
The number of bugs in each vulnerability category is listed below:
- 53 Elevation of Privilege Vulnerabilities
- 8 Security Feature Bypass Vulnerabilities
- 41 Remote Code Execution Vulnerabilities
- 18 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
These counts do not include four Mariner and three Microsoft Edge issues fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5062553 & KB5062552 cumulative updates and the Windows 10 KB5062554 cumulative update.
One zero-day and critical Microsoft office flaws
This month’s Patch Tuesday fixes one publicly disclosed zero-day in Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The publicly disclosed zero-day is:
CVE-2025-49719 – Microsoft SQL Server Information Disclosure Vulnerability
Microsoft fixes a flaw in Microsoft SQL Server that could allow a remote, unauthenticated attacker to access data from uninitialized memory.
“Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network,” explains Microsoft.
Admins can fix the flaw by installing the latest version of Microsoft SQL Server and by installing the Microsoft OLE DB Driver 18 or 19.
Microsoft attributes the discovery of this flaw to Vladimir Aleksic with Microsoft and does not provide details regarding how it was publicly disclosed.
While there was only one zero-day in this Patch Tuesday, Microsoft fixed numerous, critical remote code execution flaws in Microsoft Office that can be exploited simply by opening a specially crafted document or when viewed through the preview pane.
Microsoft states that the security updates for these flaws are not yet available for Microsoft Office LTSC for Mac 2021 and 2024 and will be released shortly.
The company also fixed another critical RCE in Microsoft SharePoint tracked as CVE-2025-49704 that can be exploited remotely over the Internet as long as they have an account on the platform.
Recent updates from other companies
Other vendors who released updates or advisories in July 2025 include:
- AMD disclosed new Transient Scheduler Attacks based on a Microsoft report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks.”
- Cisco released numerous patches this month, including one for hardcoded root SSH credentials in Unified CM.
- Fortinet released security updates today for multiple products, including FortiOS, FortiManager, FortiSandbox, FortiIsolator, and FortiProxy.
- Google’s released security updates for Google Chrome to fix an actively exploited zero-day tracked as CVE-2025-6554. Google has not released any Android security patches in its July 2025 Android Security Bulletin.
- Grafana has released security fixes for four Chromium vulnerabilities in Grafana Image Renderer plugin and Synthetic Monitoring Agent.
- Ivanti released security updates for flaws in Ivanti Connect Secure and Policy Secure, Ivanti EPMM, and Ivanti EPM. None of these vulnerabilities has been reported as actively exploited.
- SAP released the July security updates for multiple products, including upgrading a previous flaw (CVE-2025-30012) in SAP Supplier Relationship Management to a rating of 10/10.
The July 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the July 2025 Patch Tuesday updates.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| AMD L1 Data Queue | CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | Critical |
| AMD Store Queue | CVE-2025-36350 | AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | Critical |
| Azure Monitor Agent | CVE-2025-47988 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Capability Access Management Service (camsvc) | CVE-2025-49690 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important |
| HID class driver | CVE-2025-48816 | HID Class Driver Elevation of Privilege Vulnerability | Important |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-49675 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49677 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49694 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49693 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47178 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49732 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49742 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49744 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-49687 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-47991 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-47972 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft MPEG-2 Video Extension | CVE-2025-48806 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft MPEG-2 Video Extension | CVE-2025-48805 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47994 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49699 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-48812 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-49711 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-49705 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49701 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-49700 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-47993 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-49738 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2025-49731 | Microsoft Teams Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2025-49737 | Microsoft Teams Elevation of Privilege Vulnerability | Important |
| Microsoft Windows QoS scheduler | CVE-2025-49730 | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Search Component | CVE-2025-49685 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| Office Developer Platform | CVE-2025-49756 | Office Developer Platform Security Feature Bypass Vulnerability | Important |
| Remote Desktop Client | CVE-2025-48817 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2025-33054 | Remote Desktop Spoofing Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2025-47999 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48002 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Service Fabric | CVE-2025-21195 | Azure Service Fabric Runtime Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-49718 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| Storage Port Driver | CVE-2025-49684 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Universal Print Management Service | CVE-2025-47986 | Universal Print Management Service Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-47971 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-49689 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-49683 | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | Low |
| Virtual Hard Disk (VHDX) | CVE-2025-47973 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-49739 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-27614 | MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability | Unknown |
| Visual Studio | CVE-2025-27613 | MITRE: CVE-2025-27613 Gitk Arguments Vulnerability | Unknown |
| Visual Studio | CVE-2025-46334 | MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability | Unknown |
| Visual Studio | CVE-2025-46835 | MITRE: CVE-2025-46835 Git File Overwrite Vulnerability | Unknown |
| Visual Studio | CVE-2025-48384 | MITRE: CVE-2025-48384 Git Symlink Vulnerability | Unknown |
| Visual Studio | CVE-2025-48386 | MITRE: CVE-2025-48386 Git Credential Helper Vulnerability | Unknown |
| Visual Studio | CVE-2025-48385 | MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability | Unknown |
| Visual Studio Code – Python extension | CVE-2025-49714 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-49661 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows AppX Deployment Service | CVE-2025-48820 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-48818 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48001 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48804 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48003 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48800 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-48000 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-49724 | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | Important |
| Windows Cred SSProvider Protocol | CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2025-48823 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Event Tracing | CVE-2025-47985 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2025-49660 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Fast FAT Driver | CVE-2025-49721 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2025-47984 | Windows GDI Information Disclosure Vulnerability | Important |
| Windows Imaging Component | CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | Critical |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Windows Kerberos | CVE-2025-47978 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2025-49666 | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2025-26636 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-48809 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-48808 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows MBT Transport driver | CVE-2025-47996 | Windows MBT Transport Driver Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2025-49682 | Windows Media Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2025-49691 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important |
| Windows Netlogon | CVE-2025-49716 | Windows Netlogon Denial of Service Vulnerability | Important |
| Windows Notification | CVE-2025-49726 | Windows Notification Elevation of Privilege Vulnerability | Important |
| Windows Notification | CVE-2025-49725 | Windows Notification Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2025-49678 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows Performance Recorder | CVE-2025-49680 | Windows Performance Recorder (WPR) Denial of Service Vulnerability | Important |
| Windows Print Spooler Components | CVE-2025-49722 | Windows Print Spooler Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2025-48814 | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49688 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49676 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49672 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49670 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49671 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49753 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49729 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49673 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49674 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49669 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49663 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49681 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49657 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-47998 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-48824 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2025-48810 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important |
| Windows Shell | CVE-2025-49679 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows SmartScreen | CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2025-48802 | Windows SMB Server Spoofing Vulnerability | Important |
| Windows SPNEGO Extended Negotiation | CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Critical |
| Windows SSDP Service | CVE-2025-47976 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2025-47975 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2025-48815 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows StateRepository API | CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability | Important |
| Windows Storage | CVE-2025-49760 | Windows Storage Spoofing Vulnerability | Moderate |
| Windows Storage VSP Driver | CVE-2025-47982 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2025-49686 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important |
| Windows TDX.sys | CVE-2025-49658 | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | Important |
| Windows TDX.sys | CVE-2025-49659 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-48821 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-48819 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important |
| Windows Update Service | CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability | Important |
| Windows User-Mode Driver Framework Host | CVE-2025-49664 | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-47159 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-48811 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-48803 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-49727 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2025-49733 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2025-49667 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Workspace Broker | CVE-2025-49665 | Workspace Broker Elevation of Privilege Vulnerability | Important |
