Microsoft has published the security updates for May 2025, which encompass Azure DevOps, Microsoft Edge (Chromium-based), Azure Automation, Azure Storage Resource Provider, Microsoft Dataverse, and Microsoft Power Apps. Microsoft has republished five non-Microsoft CVEs. The blog posts on the Security Update Guide have been revised to enhance transparency and support regarding CVEs assigned by industry partners. Updates for Windows 10 and Windows 11 are cumulative, incorporating all security fixes and non-security updates accessible through the Microsoft Update Catalog. The Windows Lifecycle Facts Sheet offers detailed information regarding the lifecycle and support dates for these operating systems. Organizations utilizing Windows Server 2008 R2 or 2008 are required to acquire the Extended Security Update to maintain access to security updates.
May 2025 Security Updates
This release consists of the following 7 Microsoft CVEs:
Tag CVE Base Score Exploitability FAQs? Azure DevOps CVE-2025-29813 10.0 N/A Yes Microsoft Edge (Chromium-based) CVE-2025-29825 6.5 Exploitation Less Likely Yes Azure Automation CVE-2025-29827 9.9 N/A Yes Azure Storage Resource Provider CVE-2025-29972 9.9 N/A Yes Azure CVE-2025-33072 8.1 Exploitation Less Likely Yes Microsoft Dataverse CVE-2025-47732 8.7 N/A Yes Microsoft Power Apps CVE-2025-47733 9.1 N/A Yes We are republishing 5 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations? Chrome Microsoft Edge (Chromium-based) CVE-2025-4050 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2025-4051 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2025-4052 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2025-4096 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2025-4372 Yes No No Security Update Guide Blog Posts
Date Blog Post June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API January 11, 2022 Coming Soon: New Security Update Guide Notification System February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners December 8, 2020 Security Update Guide: Let’s keep the conversation going November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
