Microsoft August 2025 Security Updates

Security 10880 Published by

Microsoft has released the August 2025 security update, which fixes 111 Microsoft CVEs related to various products like Windows Hyper-V, Azure Virtual Machines, Microsoft Office SharePoint, Microsoft Edge for Android, Microsoft Graphics Component, Microsoft Dynamics 365 (on-premises), Windows Routing and Remote Access Service (RRAS), Windows NTFS, Remote Access Point-to-Point Protocol (PPP) EAP-TLS, Windows Win32K - GRFX, Windows Distributed Transaction Coordinator, and Windows Cloud Files Mini Filter Driver.

The update addresses vulnerabilities in the following components: Remote Desktop Server, Windows DirectX, Windows Installer, Graphics Kernel, Windows Message Queuing, Windows Media, Windows PrintWorkflow UserSvc, Windows NT OS Kernel, Windows Kernel, Windows Streaming WOW Thunk Service Driver, Desktop Windows Manager, Windows Local Security Authority Subsystem Service (LSASS), Windows Remote Desktop Services, Windows Push Notifications, SQL Server, Microsoft Dynamics 365 (on-premises), and Azure File Sync. 





August 2025 Security Updates

This release consists of the following 111 Microsoft CVEs:

TagCVEBase ScoreFAQs?Workarounds?Mitigations?
SQL Server CVE-2025-249998.8YesNoNo
Microsoft Exchange Server CVE-2025-250056.5NoNoNo
Microsoft Exchange Server CVE-2025-250065.3YesNoNo
Microsoft Exchange Server CVE-2025-250075.3YesNoNo
Microsoft Exchange Server CVE-2025-330517.5YesNoNo
SQL Server CVE-2025-479548.8YesNoNo
Role: Windows Hyper-V CVE-2025-488077.5YesNoNo
Azure Virtual Machines CVE-2025-497077.9YesNoNo
Microsoft Office SharePoint CVE-2025-497128.8YesNoNo
Microsoft Edge for Android CVE-2025-497364.3YesNoNo
Microsoft Graphics Component CVE-2025-497436.7YesNoNo
Microsoft Dynamics 365 (on-premises) CVE-2025-497455.4YesNoNo
Role: Windows Hyper-V CVE-2025-497516.8YesNoNo
Microsoft Edge for Android CVE-2025-497554.3YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-497578.8YesNoNo
SQL Server CVE-2025-497588.8YesNoNo
SQL Server CVE-2025-497598.8YesNoNo
Windows Kernel CVE-2025-497617.8YesNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-497627.0YesNoNo
Desktop Windows Manager CVE-2025-501537.8YesNoNo
Windows File Explorer CVE-2025-501547.5YesNoNo
Windows Push Notifications CVE-2025-501557.8YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-501565.7YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-501575.7YesNoNo
Windows NTFS CVE-2025-501587.0YesNoNo
Remote Access Point-to-Point Protocol (PPP) EAP-TLS CVE-2025-501597.3YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-501608.0YesNoNo
Windows Win32K - GRFX CVE-2025-501617.3YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-501628.0YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-501638.8YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-501648.0YesNoNo
Microsoft Graphics Component CVE-2025-501659.8YesNoNo
Windows Distributed Transaction Coordinator CVE-2025-501666.5YesNoNo
Role: Windows Hyper-V CVE-2025-501677.0YesNoNo
Windows Win32K - ICOMP CVE-2025-501687.8YesNoNo
Windows SMB CVE-2025-501697.5YesNoNo
Windows Cloud Files Mini Filter Driver CVE-2025-501707.8YesNoNo
Remote Desktop Server CVE-2025-501719.1NoNoNo
Windows DirectX CVE-2025-501726.5NoNoNo
Windows Installer CVE-2025-501737.8YesNoNo
Graphics Kernel CVE-2025-501767.8YesNoNo
Windows Message Queuing CVE-2025-501778.1YesNoNo
Windows Media CVE-2025-531318.8YesNoNo
Windows Win32K - GRFX CVE-2025-531328.0YesNoNo
Windows PrintWorkflowUserSvc CVE-2025-531337.8YesNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-531347.0YesNoNo
Windows DirectX CVE-2025-531357.0YesNoNo
Windows NT OS Kernel CVE-2025-531365.5YesNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-531377.0YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-531385.7YesNoNo
Kernel Transaction Manager CVE-2025-531407.0YesNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-531417.8YesNoNo
Microsoft Brokering File System CVE-2025-531427.0YesNoNo
Windows Message Queuing CVE-2025-531438.8YesNoNo
Windows Message Queuing CVE-2025-531448.8YesNoNo
Windows Message Queuing CVE-2025-531458.8YesNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-531477.0YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-531485.7YesNoNo
Kernel Streaming WOW Thunk Service Driver CVE-2025-531497.8YesNoNo
Windows Kernel CVE-2025-531517.8YesNoNo
Desktop Windows Manager CVE-2025-531527.8YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-531535.7YesNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-531547.8YesNoNo
Role: Windows Hyper-V CVE-2025-531557.8YesNoNo
Storage Port Driver CVE-2025-531565.5YesNoNo
Windows Local Security Authority Subsystem Service (LSASS) CVE-2025-537166.5NoNoNo
Windows Ancillary Function Driver for WinSock CVE-2025-537187.0YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-537195.7YesNoNo
Windows Routing and Remote Access Service (RRAS) CVE-2025-537208.0YesNoNo
Windows Connected Devices Platform Service CVE-2025-537217.0YesNoNo
Windows Remote Desktop Services CVE-2025-537227.5NoNoNo
Role: Windows Hyper-V CVE-2025-537237.8YesNoNo
Windows Push Notifications CVE-2025-537247.8YesNoNo
Windows Push Notifications CVE-2025-537257.8YesNoNo
Windows Push Notifications CVE-2025-537267.8YesNoNo
SQL Server CVE-2025-537278.8YesNoNo
Microsoft Dynamics 365 (on-premises) CVE-2025-537286.5YesNoNo
Azure File Sync CVE-2025-537297.8YesNoNo
Microsoft Office Visio CVE-2025-537307.8YesNoNo
Microsoft Office CVE-2025-537318.4YesNoNo
Microsoft Office CVE-2025-537327.8YesNoNo
Microsoft Office Word CVE-2025-537338.4YesNoNo
Microsoft Office Visio CVE-2025-537347.8YesNoNo
Microsoft Office Excel CVE-2025-537357.8YesNoNo
Microsoft Office Word CVE-2025-537366.8YesNoNo
Microsoft Office Excel CVE-2025-537377.8YesNoNo
Microsoft Office Word CVE-2025-537387.8YesNoNo
Microsoft Office Excel CVE-2025-537397.8YesNoNo
Microsoft Office CVE-2025-537408.4YesNoNo
Microsoft Office Excel CVE-2025-537417.8YesNoNo
Microsoft Office Excel CVE-2025-537597.8YesNoNo
Microsoft Office SharePoint CVE-2025-537607.1YesNoNo
Microsoft Office PowerPoint CVE-2025-537617.8YesNoNo
Azure Stack CVE-2025-537654.4YesNoNo
Windows GDI+ CVE-2025-537669.8YesNoNo
Azure OpenAI CVE-2025-5376710.0YesNoNo
Windows Security App CVE-2025-537695.5NoNoNo
Web Deploy CVE-2025-537728.8YesNoNo
GitHub Copilot and Visual Studio CVE-2025-537737.8YesNoNo
Microsoft 365 Copilot's Business Chat CVE-2025-537746.5YesNoNo
Windows NTLM CVE-2025-537788.8YesNoNo
Windows Kerberos CVE-2025-537797.2YesNoNo
Azure Virtual Machines CVE-2025-537817.7YesNoNo
Microsoft Teams CVE-2025-537837.5YesNoNo
Microsoft Office Word CVE-2025-537848.4YesNoNo
Microsoft Exchange Server CVE-2025-537868.0YesNoNo
Microsoft 365 Copilot's Business Chat CVE-2025-537878.2YesNoNo
Windows Subsystem for Linux CVE-2025-537887.0YesNoNo
Windows StateRepository API CVE-2025-537897.8YesNoNo
Azure Portal CVE-2025-537929.1YesNoNo
Azure Stack CVE-2025-537937.5YesNoNo

We are republishing 8 non-Microsoft CVEs:

CNATagCVEFAQs?Workarounds?Mitigations?
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8576YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8577YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8578YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8579YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8580YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8581YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8582YesNoNo
ChromeMicrosoft Edge (Chromium-based) CVE-2025-8583YesNoNo

Security Update Guide Blog Posts

DateBlog Post
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see  Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the  Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see  Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see  What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in  ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See  4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see  Windows message center (links to currently-supported versions of Windows are in the left pane).

KB ArticleApplies To
5063888Windows Server 2008 (Monthly Rollup)
5063948Windows Server 2008 (Security-only update)
5002769SharePoint Server 2019
5050672Exchange Server 2019 CU15
5050673Exchange Server 2019 CU14
5050674Exchange Server 2016 CU23

Win10

Security Update Guide - Microsoft Security Response Center

OpenSnitch 1.7.2 released

Linux Mint 22.2 Beta released

Windows

Linux

macOS

Community

  • Artsyl
    April 2, 2025 – Ontario, Canada — As compliance requirem ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...