Zero Day Initiative | Blog
Follow
The May 2025 Security Update Review
Adobe released 13 security bulletins for May 2025, addressing 40 CVEs in products like Cold Fusion, Lightroom, and Photoshop. None of the bugs are publicly known or under active attack. Microsoft released 75 new CVEs, with 12 rated Critical and the rest Important in severity. Five bugs are currently being exploited in the wild, including a Scripting Engine Memory Corruption Vulnerability and a Windows Common Log File System Driver Elevation of Privilege Vulnerability. Other notable patches include a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability and a Microsoft DWM Core Library Elevation of Privilege Vulnerability. Microsoft also patched several Office-related bugs, which could be a sign of attacks to come. The patches include fixes for Azure, .NET, and other products. None of the bugs fixed by Adobe this month are listed as publicly known or under active attack. Microsoft lists five bugs as being under active attack at the time of release, with two others being publicly known.