
Fortra's May 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
Up first on the list are patches for Microsoft Edge (Chromium-based) and Google Chromium that resolve 6 issues including spoofing, out of bounds memory access, insufficient data validation, inappropriate implementation, use after free, and heap buffer overflow vulnerabilities.
Next on the list are patches for Microsoft Office, Excel, PowerPoint, and Outlook. These patches resolve 12 remote code execution vulnerabilities.
Up next are two patches for Microsoft Defender that resolve elevation of privilege and spoofing vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, denial of service, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, NTFS, DWM Core Library, Remote Desktop Client, Routing and Remote Access Service (RRAS), CLFS, Virtual Machine Bus, Installer, Media, PRC, SMB, and various others.
Next there is a patch for Microsoft Power Apps that resolves an information disclosure vulnerability.
Up next are patches for .NET, Visual Studio, Visual Studio Code, and Visual Studio Tools that resolve remote code execution, information disclosure, spoofing, and security feature bypass vulnerabilities.
Lastly, administrators should focus on server-side patches for Active Directory Certificate Services (AD CS), SharePoint, Hyper-V, Azure DevOps, Remote Desktop Gateway Service, and LDAP. These patches resolve remote code execution, denial of service, and elevation of privilege vulnerabilities.
BULLETIN | CVE |
---|---|
Microsoft Edge (Chromium-based) and Chromium | CVE-2025-4050, CVE-2025-4051, CVE-2025-4052, CVE-2025-4096, CVE-2025-4372, CVE-2025-29825 |
Microsoft Office | CVE-2025-30377, CVE-2025-30386 |
Microsoft Office PowerPoint | CVE-2025-29978 |
Microsoft Office Excel | CVE-2025-30393, CVE-2025-32704, CVE-2025-29979, CVE-2025-29977, CVE-2025-30383, CVE-2025-30375, CVE-2025-30376, CVE-2025-30379, CVE-2025-30381 |
Microsoft Office Outlook | CVE-2025-32705 |
Windows | CVE-2025-29957, CVE-2025-27488, CVE-2025-29970, CVE-2025-29963, CVE-2025-29962, CVE-2025-29840, CVE-2025-29964, CVE-2025-29833, CVE-2025-29837, CVE-2025-32701, CVE-2025-32706, CVE-2025-30385, CVE-2025-29839, CVE-2025-30397, CVE-2025-29842, CVE-2025-32709, CVE-2025-30388, CVE-2025-24063, CVE-2025-29974, CVE-2025-27468, CVE-2025-29841, CVE-2025-29975, CVE-2025-29966, CVE-2025-29969, CVE-2025-29838, CVE-2025-29971, CVE-2025-29835, CVE-2025-29832, CVE-2025-29836, CVE-2025-29958, CVE-2025-29959, CVE-2025-29961, CVE-2025-29830, CVE-2025-29960, CVE-2025-30400, CVE-2025-29826, CVE-2025-47732, CVE-2025-29829, CVE-2025-29956, CVE-2025-32707 |
Microsoft Power Apps | CVE-2025-47733 |
.NET, Visual Studio, and Build Tools for Visual Studio | CVE-2025-26646, CVE-2025-32703, CVE-2025-32702 |
Visual Studio Code | CVE-2025-21264 |
Remote Desktop Gateway Service | CVE-2025-29967, CVE-2025-30394, CVE-2025-26677, CVE-2025-29831 |
Azure DevOps | CVE-2025-29813 |
Windows LDAP | CVE-2025-29954 |
Role: Windows Hyper-V | CVE-2025-29955 |
Active Directory Certificate Services | CVE-2025-29968 |
Microsoft Office SharePoint | CVE-2025-29976, CVE-2025-30378, CVE-2025-30382, CVE-2025-30384 |