SOCRadar® Cyber Intelligence Inc. | July 2025 Patch Tuesday Overview: 130 Vulnerabilities & One Disclosed Zero-Day (CVE-2025-49719)
Jul 09, 2025

July 2025 Patch Tuesday Overview: 130 Vulnerabilities & One Disclosed Zero-Day (CVE-2025-49719)

Microsoft’s July 2025 Patch Tuesday brings fixes for 130 security vulnerabilities across its product ecosystem. This release addresses a wide range of threats, including:

Among these vulnerabilities, there is one zero-day, CVE-2025-49719, which was designated as such because it was publicly disclosed prior to the release of patches. The update also includes 12 critical flaws affecting widely used products like Microsoft Office, SharePoint, and other core Windows components.

What Is CVE-2025-49719?

CVE-2025-49719 (CVSS 7.5) is an information disclosure vulnerability in Microsoft SQL Server. This flaw allows an unauthenticated attacker to potentially access uninitialized memory, which may expose sensitive information. The official advisory currently rates the risk of exploitation as low.

CVE-2025-49719 (SOCRadar Vulnerability Intelligence)

Microsoft credits Vladimir Aleksic for discovering the vulnerability but has not provided details on how it was disclosed. It is tagged as a zero-day because it was “publicly disclosed” before a patch was available.

To protect systems, users should update SQL Server to the latest version, which includes necessary driver fixes. Additionally, those using applications built on SQL Server should update to Microsoft OLE DB Driver version 18 or 19, after confirming compatibility.
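One way to take stock before applying the update, as an added example that is not from the original article: the first T-SQL query reports the instance's build so it can be compared with the fixed build in Microsoft's advisory (build numbers are not given on this page), and the second lists which client interfaces are currently connecting, to find applications that may need the OLE DB Driver update. It assumes the login has VIEW SERVER STATE permission.

```sql
-- Added example: inventory check for the CVE-2025-49719 remediation step.

-- 1) Server build. Compare product_version / update_kb with the fixed build
--    that Microsoft's advisory lists for this SQL Server major version.
SELECT
    SERVERPROPERTY('MachineName')            AS machine_name,
    SERVERPROPERTY('InstanceName')           AS instance_name,   -- NULL for the default instance
    SERVERPROPERTY('Edition')                AS edition,
    SERVERPROPERTY('ProductVersion')         AS product_version, -- major.minor.build.revision
    SERVERPROPERTY('ProductLevel')           AS product_level,   -- RTM or SPn
    SERVERPROPERTY('ProductUpdateLevel')     AS update_level,    -- CUn, NULL if none installed
    SERVERPROPERTY('ProductUpdateReference') AS update_kb;       -- KB of the installed update

-- 2) Client interfaces in use. Sessions whose client_interface_name refers to
--    an OLE DB provider identify the hosts and applications whose driver
--    should be checked and moved to OLE DB Driver 18 or 19 after
--    compatibility testing.
SELECT
    s.client_interface_name,
    s.host_name,
    s.program_name,
    COUNT(*)          AS session_count,
    MAX(s.login_time) AS most_recent_login
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1          -- exclude internal system sessions
GROUP BY s.client_interface_name, s.host_name, s.program_name
ORDER BY s.client_interface_name, session_count DESC;
```

The second query only sees sessions connected at the moment it runs, so run it at several points in the business cycle to catch batch jobs and infrequent clients.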

Key Critical Vulnerabilities in Microsoft’s July 2025 Patch Tuesday

Beyond CVE-2025-49719, Microsoft’s July 2025 Patch Tuesday addresses multiple critical vulnerabilities impacting core products such as Windows Hyper-V, Microsoft Office, SharePoint, SQL Server, and AMD processors. These security flaws carry high risks and can lead to severe breaches if not patched promptly.

  • CVE-2025-47981 (CVSS 9.8) – SPNEGO Extended Negotiation (NEGOEX) Remote Code Execution
  • CVE-2025-48822 (CVSS 8.6) – Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution
  • CVE-2025-49717 (CVSS 8.5) – Microsoft SQL Server Remote Code Execution
  • CVE-2025-49704 (CVSS 8.8) – Microsoft SharePoint Remote Code Execution
  • CVE-2025-49695, CVE-2025-49696, CVE-2025-49697 (CVSS 8.4) – Microsoft Office Remote Code Execution
  • CVE-2025-49702 (CVSS 7.8) – Microsoft Office Remote Code Execution
  • CVE-2025-49735 (CVSS 8.1) – Windows KDC Proxy Service Remote Code Execution
  • CVE-2025-47980 (CVSS 6.2) – Windows Imaging Component Information Disclosure
  • CVE-2025-36350, CVE-2025-36357 (CVSS 5.6) – AMD Transient Scheduler Attacks (Store Queue and L1 Data Queue)

Most of these critical flaws involve Remote Code Execution (RCE), information disclosure, or privilege escalation vectors. Successful exploitation could allow attackers to execute arbitrary code, access sensitive information, or disrupt critical services – potentially leading to full system compromise.

Given the severity and widespread impact of these vulnerabilities, organizations should prioritize applying these patches promptly to reduce their exposure to potential cyberattacks.

Minimize your organization’s vulnerability risk with SOCRadar’s Cyber Threat Intelligence module. With Vulnerability Intelligence, it provides timely insights and prioritization, helping your team stay informed on critical security flaws, emerging exploits, and patch deadlines, so you can act before threats escalate.

SOCRadar’s Vulnerability Intelligence: Latest CVEs and exploitation updates

Must-Patch Microsoft Vulnerabilities From the July 2025 Security Update

Among the 130 vulnerabilities addressed in Microsoft’s July 2025 Patch Tuesday, 17 stand out as having a higher potential for exploitation. These flaws demand immediate attention from security teams due to their critical impact, exploitability, and absence of effective workarounds.

This list includes previously highlighted critical vulnerabilities like CVE-2025-47981, CVE-2025-49695, CVE-2025-49696, CVE-2025-49704, and CVE-2025-49735, alongside the following notable issues ranked by severity:

  • CVE-2025-49701 (CVSS 8.8) – Remote Code Execution in Microsoft Office SharePoint
  • CVE-2025-49724 (CVSS 8.8) – Remote Code Execution in Windows Connected Devices Platform Service
  • CVE-2025-47987 (CVSS 7.8) – Elevation of Privilege via Windows CredSSP Protocol
  • CVE-2025-48799 (CVSS 7.8) – Elevation of Privilege in Windows Update Service
  • CVE-2025-49718 (CVSS 7.5) – Information Disclosure in SQL Server
  • CVE-2025-49727 (CVSS 7.0) – Elevation of Privilege in Windows Win32K – GRFX
  • CVE-2025-49744 (CVSS 7.0) – Elevation of Privilege in Microsoft Graphics Component
  • CVE-2025-47978 (CVSS 6.5) – Denial of Service in Windows Kerberos
  • Multiple BitLocker Security Feature Bypass vulnerabilities (CVE-2025-48001, CVE-2025-48800, CVE-2025-48804, CVE-2025-48818) with CVSS scores of 6.8

Given the severity and ease with which these vulnerabilities could be exploited, organizations should prioritize patching them promptly to minimize exposure to digital risks and protect critical systems.

For the full list of vulnerabilities and detailed technical guidance, refer to Microsoft’s official July 2025 Patch Tuesday release notes.

SOCRadar Attack Surface Management, Company Vulnerabilities

Get full clarity on your risks with SOCRadar Attack Surface Management (ASM). It continuously scans your external environment to uncover vulnerable systems, misconfigurations, and shadow IT. Combined with SOCRadar’s Vulnerability Intelligence, you receive real-time alerts on new CVEs and exploit trends, plus context to prioritize patching.