Zero Day Initiative | Blog
Follow
The June 2025 Security Update Review
Adobe released seven bulletins addressing 254 CVEs in various products, including Acrobat Reader, Experience Manager, and Substance 3D Sampler. None of the bugs fixed by Adobe are listed as publicly known or under active attack. Microsoft released 66 new CVEs, with 10 rated Critical and the rest Important in severity. One bug is listed as being under active attack, and one is publicly known. A Critical-rated bug in WEBDAV forces Windows to use the deprecated Internet Explorer, allowing code execution. Another Critical-rated bug in Netlogon allows threat actors to execute code on domain controllers. A bug in Office allows code execution without user interaction, and four other Office-related bugs are also Critical-rated. Microsoft lists one bug as being under active attack, with one other being publicly known. The patches released by both companies should be applied as soon as possible to prevent potential attacks.