Zero Day Initiative | Blog
Follow
The April 2025 Security Update Review
Adobe has released 12 security bulletins addressing 54 CVEs in various products, including Cold Fusion, After Effects, and Photoshop. None of the bugs fixed by Adobe this month are listed as publicly known or under active attack. Microsoft has released patches for 134 CVEs, including 11 Critical and 2 Low-severity vulnerabilities. One of the bugs, CVE-2025-29824, is currently being exploited in the wild and allows a threat actor to execute code with SYSTEM privileges. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, which allow remote code execution through LDAP, and CVE-2025-27480 and CVE-2025-27482, which allow code execution through Remote Desktop Services. Microsoft has also released patches for various other products, including Office, Azure, and .NET. The patches address a range of vulnerabilities, including elevation of privilege, remote code execution, and information disclosure. Only one of the bugs fixed by Microsoft this month is listed as publicly known or under active attack. It is recommended to test and deploy the patches quickly to prevent potential attacks.