Microsoft Security Bulletin Coverage for April 2025
Overview
Microsoft’s April 2025 Patch Tuesday has 123 vulnerabilities, of which 49 are Elevation of Privilege. SonicWall Capture Labs' threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2025 and has produced coverage for ten of the reported vulnerabilities
CVE | CVE Title | Signature |
CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | ASPY 7064 Exploit-dll dll.MP_13 |
CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability | ASPY 7062 Malformed-lnk lnk.MP_6 |
CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | IPS 20894 Windows Remote Desktop Services RCE (CVE-2025-27480) |
CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | IPS 20895 Windows Remote Desktop Services RCE (CVE-2025-27482) |
CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability | ASPY 7063 Exploit-exe exe.MP_439 |
CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability | ASPY 631 Exploit-exe exe.MP_440 |
CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | ASPY 632 Exploit-exe exe.MP_441 |
CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | ASPY 633 Exploit-exe exe.MP_442 |
CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | ASPY 634 Exploit-exe exe.MP_443 |
CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | ASPY 635 Exploit-exe exe.MP_444 |
Release Breakdown
The vulnerabilities can be classified into following categories:
For April there are 7 critical and 116 important vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
CVE | CVE Title |
CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
CVE-2025-26682 | ASP.NET Core Denial of Service Vulnerability |
CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability |
CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability |
CVE-2025-27479 | Windows Kerberos Denial of Service Vulnerability |
CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
CVE | CVE Title |
CVE-2025-21191 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
CVE-2025-21197 | Windows FileSystemWatcher Information Disclosure Vulnerability. |
CVE-2025-21204 | Windows Process Activation Elevation of Privilege Vulnerability |
CVE-2025-24058 | Windows Core Messaging Elevation of Privileges Vulnerability |
CVE-2025-24060 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability |
CVE-2025-26640 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability |
CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability |
CVE-2025-26675 | Windows Subsystem for Linux (WSL2) Driver Elevation of Privilege Vulnerability |
CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability |
CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability |
CVE-2025-26687 | GDI Elevation of Privilege Vulnerability |
CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
CVE-2025-27467 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2025-27476 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability |
CVE-2025-27484 | Windows upnphost.dll Elevation of Privilege Vulnerability |
CVE-2025-27489 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability |
CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2025-27730 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability |
CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability |
CVE-2025-27739 | Missing ProbeForRead Elevation of Privilege Vulnerability |
CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability |
CVE-2025-27743 | Azure Compute Gallery Elevation of Privilege Vulnerability |
CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability |
CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability |
CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2025-29803 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability |
CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
CVE | CVE Title |
CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2025-25002 | Azure Arc VM Storage Account Information Disclosure Vulnerability |
CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability |
CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability |
CVE-2025-27738 | Windows FileSystemWatcher Information Disclosure Vulnerability. |
CVE-2025-27742 | NTFS Information Disclosure Vulnerability |
CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability |
CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2025-29817 | Microsoft Power Automate Desktop Information Disclosure Vulnerability |
CVE-2025-29819 | Azure Portal Windows Admin Center Information Disclosure Vulnerability |
CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
CVE | CVE Title |
CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21221 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-26642 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability |
CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability |
CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability |
CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability |
CVE-2025-27491 | vhdmp.sys Remote Code Execution Vulnerability |
CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability |
CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-27746 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability |
CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability |
CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-29815 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
CVE | CVE Title |
CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability |
CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability |
CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability |
CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability |
CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability |
CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability |
CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
CVE | CVE Title |
CVE-2025-26644 | Windows Hello Spoofing Vulnerability |
CVE-2025-26647 | Active Directory Certificate Services Spoofing Vulnerability |
Share This Article
An Article By
An Article By
Security News
Security News
