Fortra's July 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
Up first on the list are patches for Chromium and Microsoft Edge (Chromium-based) that resolve type confusion, information disclosure, and remote code execution vulnerabilities.
Next on the list are patches for Microsoft Office, Word, Excel, PowerPoint, and Teams. These patches resolve 14 issues, including remote code execution, elevation of privilege, and information disclosure vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, denial of service, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, Imaging, Remote Desktop Client, Media, SMB, Secure Kernel, Simple Search and Discover Protocol, Cryptographic Services, PC Manager Win32, Configuration Manager, and various others.
Next are patches for Visual Studio, Visual Studio Code, and Office Developer Platform that resolve 10 issues, including remote code execution, security feature bypass, and elevation of privilege vulnerabilities.
Lastly, administrators should focus on server-side patches for SQL Server, RRAS, SharePoint, Hyper-V, and Windows Remote Desktop Licensing Service that resolve 25 issues including remote code execution, denial of service, information disclosure, and spoofing vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Chromium and Microsoft Edge (Chromium-based) | CVE-2025-6554, CVE-2025-49741, CVE-2025-49713 |
| Microsoft Office | CVE-2025-47994, CVE-2025-49702, CVE-2025-49696, CVE-2025-49699, CVE-2025-49697, CVE-2025-49695 |
| Microsoft Office Excel | CVE-2025-48812, CVE-2025-49711 |
| Microsoft Office PowerPoint | CVE-2025-49705 |
| Microsoft Teams | CVE-2025-49737, CVE-2025-49731 |
| Microsoft Office Word | CVE-2025-49703, CVE-2025-49700, CVE-2025-49698 |
| Windows I | CVE-2025-47980, CVE-2025-49760, CVE-2025-36357, CVE-2025-49677, CVE-2025-49694, CVE-2025-49693, CVE-2025-49684, CVE-2025-49682, CVE-2025-49691, CVE-2025-48823, CVE-2025-48817, CVE-2025-33054, CVE-2025-49661, CVE-2025-47975, CVE-2025-47976, CVE-2025-48815, CVE-2025-49675, CVE-2025-48820, CVE-2025-47982, CVE-2025-49727, CVE-2025-47981, CVE-2025-49732, CVE-2025-49744, CVE-2025-49742, CVE-2025-49660, CVE-2025-47985, CVE-2025-48808, CVE-2025-26636, CVE-2025-48809, CVE-2025-49666, CVE-2025-49685, CVE-2025-48810, CVE-2025-49679 |
| Windows II | CVE-2025-47993, CVE-2025-49738, CVE-2025-47996, CVE-2025-49733, CVE-2025-49667, CVE-2025-49735, CVE-2025-47178, CVE-2025-47972, CVE-2025-47991, CVE-2025-49687, CVE-2025-49740, CVE-2025-49664, CVE-2025-49716, CVE-2025-36350, CVE-2025-49680, CVE-2025-47159, CVE-2025-48803, CVE-2025-48811, CVE-2025-48799, CVE-2025-21195, CVE-2025-49690, CVE-2025-49730, CVE-2025-49723, CVE-2025-47978, CVE-2025-48000, CVE-2025-49724, CVE-2025-49686, CVE-2025-49721, CVE-2025-49659, CVE-2025-49658, CVE-2025-49722, CVE-2025-48805, CVE-2025-48806, CVE-2025-47987, CVE-2025-48818, CVE-2025-48804, CVE-2025-48800, CVE-2025-48001, CVE-2025-48003, CVE-2025-49726, CVE-2025-49725, CVE-2025-47984, CVE-2025-47986, CVE-2025-47971, CVE-2025-47973, CVE-2025-49689, CVE-2025-49683, CVE-2025-49665, CVE-2025-48802, CVE-2025-48816, CVE-2025-48821, CVE-2025-48819, CVE-2025-49678 |
| Visual Studio | CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, CVE-2025-48386, CVE-2025-49739 |
| Visual Studio Code - Python extension | CVE-2025-49714 |
| Office Developer Platform | CVE-2025-49756 |
| SQL Server | CVE-2025-49718, CVE-2025-49719, CVE-2025-49717 |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49671, CVE-2025-49681, CVE-2025-49670, CVE-2025-49673, CVE-2025-49672, CVE-2025-49674, CVE-2025-48824, CVE-2025-49676, CVE-2025-49729, CVE-2025-47998, CVE-2025-49753, CVE-2025-49688, CVE-2025-49663, CVE-2025-49668, CVE-2025-49669, CVE-2025-49657 |
| Microsoft Office SharePoint | CVE-2025-49704, CVE-2025-49701, CVE-2025-49706 |
| Windows Hyper-V | CVE-2025-47999, CVE-2025-48822, CVE-2025-48002 |
| Windows Remote Desktop Licensing Service | CVE-2025-48814 |
Cybercrime Intelligence Shouldn't Be Siloed
Fortra® experts are dedicated to protecting organizations and the public by delivering the latest insights, data, and defenses to strengthen security against emerging cyber threats.
