August 2025 Patch Tuesday forecast

July turned into a surprisingly busy month in cybersecurity. It started slowly with a relatively ‘calm’ Patch Tuesday, as previously forecast. Although 130 new Common Vulnerabilities and Exposures (CVEs) were addressed across all Microsoft releases, only one CVE was publicly disclosed, indicating a low risk. The situation escalated when two CVEs in SharePoint were reported as exploited, leading to a flurry of hotfixes towards the end of the month. The month also saw security configuration issues with Microsoft Exchange Server and significant updates from Google and Apple, making for a period of heightened activity.

Completely fixing a vulnerability often requires multiple iterations, a lesson Microsoft learned with its recent SharePoint vulnerability fixes. Earlier in the year, during the Berlin Pwn2Own contest, a series of vulnerabilities known as the ‘ToolShell’ chain was exploited, and it was subsequently addressed in the July 2025 Patch Tuesday updates. Key vulnerabilities included CVE-2025-49704, a SharePoint Remote Code Execution Vulnerability, and CVE-2025-49706, a SharePoint Server Spoofing Vulnerability. Shortly after these updates, it was reported that the fixes had been bypassed, resulting in compromises at numerous organisations. On July 19th, Microsoft released a more ‘hardened’ fix, associated with vulnerabilities CVE-2025-53770 and CVE-2025-53771. Separate releases were made for Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. Microsoft also recommended rotating the associated machine keys on the impacted servers, as ransomware was reported to exploit the ToolShell attack chain. The Cybersecurity and Infrastructure Security Agency (CISA) included these vulnerabilities in its catalogue of exploited vulnerabilities, urging immediate fixes by federal agencies. Anticipation grew that these hotfixes would be included in the August Patch Tuesday releases as well.

Beyond the SharePoint fixes, there were significant developments elsewhere. Microsoft issued CVE-2025-53786 to address security issues related to Microsoft Exchange Server in hybrid environments. This CVE linked the April update and security hotfix with a series of instructions for securing on-premises Microsoft Exchange Server and Exchange Online. The sharing of credentials and data, such as calendars and email contact lists, posed a risk of compromise with minimal logging to indicate what had happened. An Exchange Server blog provided extensive details on the upcoming end-of-life for Exchange products and migration options to more secure configurations. Furthermore, Google continued its weekly updates to the Chromium browser, releasing a patch on July 16th to address several vulnerabilities, including the zero-day CVE-2025-6558, which allowed a remote attacker to potentially perform a sandbox escape. Apple also made significant updates during this period.
