CVE-2025-30400

5Critical66Important0Moderate0LowMicrosoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important.This month’s update includes patches for:.NET, Visual Studio, and Build Tools for Visual StudioActive Directory Certificate Services (AD CS)AzureAzure AutomationAzure DevOpsAzure File SyncAzure Storage Resource ProviderMicrosoft Brokering File SystemMicrosoft DataverseMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Edge (Chromium-based)Microsoft OfficeMicrosoft Office ExcelMicrosoft Office OutlookMicrosoft Office PowerPointMicrosoft Office SharePointMicrosoft PC ManagerMicrosoft Power AppsMicrosoft Scripting EngineRemote Desktop Gateway ServiceRole: Windows Hyper-VUniversal Print Management ServiceUrlMonVisual StudioVisual Studio CodeWeb Threat Defense (WTD.sys)Windows Ancillary Function Driver for WinSockWindows Common Log File System DriverWindows Deployment ServicesWindows DriversWindows DWMWindows File ServerWindows FundamentalsWindows Hardware Lab KitWindows InstallerWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows MediaWindows NTFSWindows Remote DesktopWindows Routing and Remote Access Service (RRAS)Windows Secure Kernel ModeWindows SMBWindows Trusted Runtime Interface DriverWindows Virtual Machine BusWindows Win32K - GRFXRemote code execution (RCE) vulnerabilities accounted for 39.4% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 25.4%.ImportantCVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege VulnerabilitiesCVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Each was assigned a CVSSv3 score of 7.8 and are rated as important. Both CVE-2025-32701 and CVE-2025-32706 were...

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability CVE-2025-32701 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability CVE-2025-32706 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability CVE-2025-32709 Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.