Threat intelligence
Microsoft Security Bulletin Coverage for August 2025
Overview
Microsoft’s August 2025 Patch Tuesday has 109 vulnerabilities, of which 44 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2025 and has produced coverage for seven of the reported vulnerabilities
Vulnerabilities with Detections
| CVE | CVE Title | Signature |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | ASPY 7108 Exploit-exe exe.MP_458 |
| CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | ASPY 7109 Exploit-exe exe.MP_459 |
| CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | ASPY 7110 Exploit-exe exe.MP_460 |
| CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | IPS 4592 Microsoft Message Queuing RCE (CVE-2025-50177) |
| CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | ASPY 648 Exploit-exe exe.MP_462 |
| CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ASPY 647 Exploit-exe exe.MP_461 |
| CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | IPS 4596 Windows NTLM Privilege Escalation (CVE-2025-53778) |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For August there are 18 critical and 90 important vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
| CVE | CVE Title |
| CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability |
| CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
| CVE | CVE Title |
| CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability |
| CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
| CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability |
| CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability |
| CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
| CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
| CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
| CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
| CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability |
| CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability |
| CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability |
| CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability |
| CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability |
| CVE-2025-53792 | Azure Portal Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
| CVE | CVE Title |
| CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability |
| CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability |
| CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability |
| CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability |
| CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability |
| CVE-2025-53774 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability |
| CVE-2025-53787 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
| CVE | CVE Title |
| CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability |
| CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability |
| CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability |
| CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability |
| CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability |
| CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability |
Spoofing Vulnerabilities
| CVE | CVE Title |
| CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability |
| CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability |
| CVE-2025-53769 | Windows Security App Spoofing Vulnerability |
Tampering Vulnerability
| CVE | CVE Title |
| CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability |
Share This Article
An Article By
An Article By
Security News
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
