Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Today is Microsoft’s August 2025 Patch Tuesday, which brings security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. Of the 107 vulnerabilities fixed in today’s update, 8 are classified as ‘Critical’ as they allow remote code execution, the most severe vulnerability type.
The number of bugs in each vulnerability category is listed below:
- 26 Elevation of Privilege vulnerabilities
- 8 Security Feature Bypass vulnerabilities
- 44 Remote Code Execution vulnerabilities
- 16 Information Disclosure vulnerabilities
- 12 Denial of Service vulnerabilities
- 1 Spoofing vulnerability
Other vendors who released updates or advisories in July 2025 include:
- 7-Zip released a security update for a path traversal flaw that could lead to RCE.
- Adobe released emergency updates for AEM Forms zero-days after PoCs were released.
- Cisco released patches for WebEx and Identity Services Engine.
- Fortinet released security updates today for multiple products, including FortiOS, FortiManager, FortiSandbox, and FortiProxy.
- Google released security updates for Android that fix two actively exploited Qualcomm vulnerabilities.
- Microsoft warned about a Microsoft Exchange flaw tracked as CVE-2025-53786 that could be used to hijack cloud environments.
- Proton fixed a bug in its new Authenticator app for iOS that logged users’ sensitive TOTP secrets in plaintext.
- SAP released the July security updates for multiple products, including numerous vulnerabilities with a 9.9 rating.
- Trend Micro released a “fix tool” for an actively exploited remote code execution vulnerability in Apex One. Full security updates will come at a later date.
- WinRAR released a security update at the end of July for an actively exploited path traversal bug that could lead to remote code execution.
To read the complete article, see: BleepingComputer.
This post is licensed under CC BY 4.0 by the author.