Microsoft’s August 2025 Patch Tuesday includes fixes for 107 vulnerabilities across Windows, Office, SQL Server, Exchange, Azure, and more. This month’s release features:
1 publicly disclosed zero-day
CVE-2025-53779 – a Windows Kerberos vulnerability that could allow an attacker to escalate privileges to a domain admin.
13 Critical vulnerabilities:
9 Remote Code Execution flaws
3 Information Disclosure issues
1 Elevation of Privilege vulnerability
Breakdown by vulnerability type:
44 Elevation of Privilege
35 Remote Code Execution
18 Information Disclosure
9 Spoofing
4 Denial of Service
Microsoft Patch Highlights

This release focuses heavily on privilege escalation and RCE flaws, especially in core Windows infrastructure and cloud-connected services. Microsoft has also flagged several vulnerabilities as more likely to be exploited, increasing the urgency for fast patching.
This month's Patch Tuesday fixes one publicly disclosed zero-day in Windows Kerberos. The publicly disclosed zero-day is:
CVE-2025-53779 - Windows Kerberos Elevation of Privilege Vulnerability
Microsoft fixes a flaw in Windows Kerberos that allows an authenticated attacker to gain domain administrator privileges.
"Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network," explains Microsoft.
Microsoft says that an attacker would need to have elevated access to the following dMSA attributes to exploit the flaw:
msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.
msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.
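Because exploitation needs both rights on the same dMSA, a useful pre-patch check is to look for principals outside your tier-0 admin groups that hold both. The following is an added example, not Microsoft's or Splashtop's code: it audits a constructed, flattened export of dMSA objects, and the record layout, the "link_writers" field, the account names and the TIER0 set are all assumptions for illustration.

```python
# Added example: offline audit of dMSA permissions (constructed data).
# Record fields, account names and the TIER0 set are assumptions for
# illustration; they are not the schema of any real export tool.
USE_ATTR = "msds-groupMSAMembership"              # who may use the dMSA
LINK_ATTR = "msds-ManagedAccountPrecededByLink"   # account the dMSA acts for

SAMPLE_DMSAS = [  # constructed sample, one record per dMSA
    {"name": "dmsa-web01",
     USE_ATTR: ["CORP\\web-servers"],
     LINK_ATTR: "CN=svc-web,OU=Service,DC=corp,DC=example",
     "link_writers": ["CORP\\Domain Admins"]},
    {"name": "dmsa-test",
     USE_ATTR: ["CORP\\Helpdesk-L1"],
     LINK_ATTR: "CN=Administrator,CN=Users,DC=corp,DC=example",
     "link_writers": ["CORP\\Domain Admins", "corp\\helpdesk-l1"]},
    {"name": "dmsa-sql",
     USE_ATTR: ["CORP\\Domain Admins"],
     LINK_ATTR: None,
     "link_writers": ["CORP\\Domain Admins"]},
]
TIER0 = {"CORP\\Domain Admins", "CORP\\Enterprise Admins"}
PRIVILEGED_DNS = {"CN=Administrator,CN=Users,DC=corp,DC=example"}


def _norm(names):
    """AD principal and DN comparisons are case-insensitive."""
    return {n.casefold() for n in names if n}


def audit_dmsas(records, tier0=TIER0, privileged_dns=PRIVILEGED_DNS):
    """Flag dMSAs where a non-tier-0 principal holds both rights."""
    findings = []
    for rec in records:
        both = _norm(rec.get(USE_ATTR, [])) & _norm(rec.get("link_writers", []))
        exposed = sorted(both - _norm(tier0))
        if exposed:
            link = rec.get(LINK_ATTR)
            findings.append({
                "dmsa": rec["name"],
                "principals": exposed,
                "link_is_privileged": bool(_norm([link]) & _norm(privileged_dns)),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_dmsas(SAMPLE_DMSAS):
        print(finding)
```

The check compares principal names directly, so nested group membership must be expanded before export for the result to be complete.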
Third-Party Security Updates Worth Noting
Several non-Microsoft vendors released important updates around this Patch Tuesday cycle. These patches address actively exploited flaws and should be included in your response plan. Vendors who released patches include:
7-Zip released a security update for a path traversal flaw that could lead to RCE.
Adobe released emergency updates for AEM Forms zero-days after PoCs were released.
Cisco released patches for WebEx and Identity Services Engine.
Fortinet released security updates today for multiple products, including FortiOS, FortiManager, FortiSandbox, and FortiProxy.
Google released security updates for Android that fix two actively exploited Qualcomm vulnerabilities.
Microsoft warned about a Microsoft Exchange flaw tracked as CVE-2025-53786 that could be used to hijack cloud environments.
Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext.
SAP released the July security updates for multiple products, including numerous vulnerabilities with a 9.9 rating.
Trend Micro released a "fix tool" for an actively exploited remote code execution vulnerability in Apex One. Full security updates will come at a later date.
WinRAR released a security update at the end of July for an actively exploited path traversal bug that could lead to remote code execution.
Splashtop AEM supports real-time patching for many third-party applications. Updates like those from Adobe, WinRAR, and 7-Zip can be deployed automatically using Splashtop AEM policies, reducing exposure time without manual effort.
Which Patches to Prioritize First
With 107 vulnerabilities this month, it’s important to focus your patching efforts on those with the highest risk of exploitation. Microsoft’s guidance and CVSS ratings help identify what needs urgent attention.
Based on CVSS scores, public disclosure, and likelihood of exploitation, organizations should prioritize the following:
Patch Immediately (Highest Priority)
CVE-2025-53779
Type: Elevation of Privilege
CVSS: 7.2
Why it matters: Publicly disclosed zero-day in Windows Kerberos. Can be used to gain domain admin privileges. Patch all domain controllers without delay.
CVE-2025-50165 – Microsoft Graphics Component (CVSS 9.8, RCE)
CVE-2025-53766 – Windows GDI+ (CVSS 9.8, RCE)
CVE-2025-53792 – Azure Portal (CVSS 9.1, privilege escalation)
CVE-2025-50171 – Remote Desktop Server (CVSS 9.1, network-based RCE)
CVE-2025-53778 – Windows NTLM (CVSS 8.8, exploitation more likely)
These vulnerabilities affect internet-facing or core services like RDP, Azure, and Windows authentication systems. Exploiting any of them could allow attackers to gain privileged access or move laterally across your environment.
Patch Within 72 Hours (High Priority)
SQL Server vulnerabilities – e.g., CVE-2025-24999, CVE-2025-49758, CVE-2025-53727 (CVSS 8.8)
Microsoft Message Queuing – CVE-2025-53143 through CVE-2025-53145 (CVSS 8.8, RCE)
CVE-2025-53786 – Exchange Server (CVSS 8.0, exploitation more likely)
Windows RRAS – Multiple CVEs rated CVSS 8.0+
These affect high-value services often targeted in initial access or lateral movement scenarios.
Patch Within 1–2 Weeks (Medium Priority)
Win32K, Hyper-V, LSASS, DirectX – CVSS 7.x
Office macros and document parsing vulnerabilities – exploitable through phishing
These are significant but typically require user interaction or existing access.
Patch in Regular Cycle (Lower Priority)
Lower-severity flaws in Office, Visio, PowerPoint
CVEs in Edge for Android with CVSS scores under 7.0
These present less immediate risk and can be handled as part of standard update workflows.
How Splashtop AEM Can Help
August’s update highlights how fast-moving vulnerabilities (like the Kerberos zero-day and high-risk flaws in RDP, NTLM, and Azure) demand more than just a monthly patching routine. Splashtop AEM gives IT teams the flexibility and speed to respond in real time, without disrupting operations.
Splashtop AEM delivers:
Real-time OS and app patching across Windows, macOS, and major third-party software
CVE-based insights so you can filter, prioritize, and patch based on real risk
Automated patch policies to eliminate repetitive manual work
Ring-based deployment control for safer rollouts
Live dashboards to track patch status, failures, and compliance in one place
Works with Your Existing Stack
Whether you’re using Microsoft Intune, a traditional RMM, or no patching tool at all, Splashtop AEM fits in seamlessly:
Using Intune? Splashtop AEM enhances Intune by adding real-time patching, broader third-party support, and deeper visibility.
Using an RMM? Splashtop AEM offers faster patching, easier setup, and a lighter footprint.
Still patching manually? Automate updates across your environment and free up valuable time.
Splashtop AEM helps you stay protected without adding complexity. It’s patching the way it should be: fast, reliable, and entirely in your control.
Start Your Free Trial of Splashtop AEM
Patch Tuesday doesn’t have to mean late nights, spreadsheets, and reactive scrambling.
With Splashtop AEM, you can:
Patch vulnerabilities the moment they’re disclosed (including zero-days like CVE-2025-53779)
Automate OS and third-party updates across your entire fleet
Eliminate blind spots with real-time visibility and reporting
Get started today and take control of your patching!