Microsoft
In their June Patch Tuesday release, Microsoft has addressed 66 vulnerabilities, including one actively exploited zero-day vulnerability and another zero-day that was publicly disclosed.
The actively exploited zero-day vulnerability in today's updates is:
CVE-2025-33053 - Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability. This critical zero-day vulnerability (CVE-2025-33053) in Microsoft Windows WebDAV has been exploited in targeted attacks, according to new research from Check Point. The flaw allows remote code execution if a user clicks on a specially crafted WebDAV link. In March 2025, Check Point detected an attempted attack on a Turkish defence firm by the APT group "Stealth Falcon", who used a novel technique involving a legitimate Windows tool to execute files from a malicious WebDAV server.
The publicly disclosed zero-day is:
CVE-2025-33073 - Windows SMB Client Elevation of Privilege Vulnerability.
Microsoft has patched a critical vulnerability in Windows SMB that could allow attackers to gain SYSTEM-level privileges. The flaw, caused by improper access control, enables an attacker to elevate privileges by coercing a targeted machine to authenticate to a malicious SMB server using a crafted script. Though Microsoft has not detailed how the flaw was disclosed, reports suggest DFN-CERT and RedTeam Pentesting raised early warnings. A security update is now available, and the issue can also be mitigated by enforcing SMB signing through Group Policy.
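The SMB signing mitigation mentioned above can be checked per host. The PowerShell below is an added example, not part of the original bulletin or of Microsoft's guidance. It assumes an elevated session and, for remote hosts, working CIM/WinRM access; the function name Get-SmbSigningReport is hypothetical.

```powershell
# Added example: report whether SMB signing is *required* on each host.
# RequireSecuritySignature reflects the Group Policy settings
# "Microsoft network client/server: Digitally sign communications (always)".
function Get-SmbSigningReport {
    [CmdletBinding()]
    param(
        # Host names are supplied by the operator; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($name in $ComputerName) {
        $session = $null
        $cim = @{}
        try {
            # Only open a CIM session for remote hosts; local queries need no WinRM.
            if ($name -ne $env:COMPUTERNAME) {
                $session = New-CimSession -ComputerName $name -ErrorAction Stop
                $cim.CimSession = $session
            }
            $client = Get-SmbClientConfiguration @cim -ErrorAction Stop
            $server = Get-SmbServerConfiguration @cim -ErrorAction Stop
            $clientReq = [bool]$client.RequireSecuritySignature
            $serverReq = [bool]$server.RequireSecuritySignature

            [pscustomobject]@{
                ComputerName         = $name
                ClientRequireSigning = $clientReq
                ServerRequireSigning = $serverReq
                Status               = if ($clientReq -and $serverReq) { 'Enforced' } else { 'NotEnforced' }
            }
        }
        catch {
            # Unreachable or access-denied hosts are reported, never silently skipped.
            [pscustomobject]@{
                ComputerName         = $name
                ClientRequireSigning = $null
                ServerRequireSigning = $null
                Status               = "Unknown: $($_.Exception.Message)"
            }
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# List hosts where signing is not confirmed as required on both sides.
Get-SmbSigningReport | Where-Object Status -ne 'Enforced' | Format-Table -AutoSize
```

Hosts reported as NotEnforced or Unknown are the ones to follow up on once the Group Policy change has been rolled out.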
This Patch Tuesday also fixes ten critical vulnerabilities: eight remote code execution vulnerabilities and two elevation of privilege bugs. Those 10 critical vulnerabilities affect Microsoft Office, Microsoft Office SharePoint, Windows Cryptographic Services, KDC Proxy Service, Remote Desktop Services and Windows Netlogon.
Adobe
Adobe released security updates for InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter.
Cisco
Since our May Blog, Cisco has released 24 advisories, with impact ratings ranging from Medium to Critical. Cisco has given 3 of those vulnerabilities a ‘Critical’ impact rating. These affect Cisco IOS XE Wireless Controller Software, cloud-deployed Identity Services Engine, and multiple products with an RCE in Erlang/OTP SSH Server.
Citrix
Citrix has not released any new Security Updates this month.
Fortinet
Fortinet has published/updated 2 advisories since our May Blog. One is rated Critical, the other High. Both advisories impact multiple products.
The critical advisory was published in our May Blog, but was updated on the 28th May. CVE-2025-22252 is an authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager TACACS+ configurations that use a remote TACACS+ server with ASCII authentication. It can allow an attacker with knowledge of an existing admin account to gain access as a valid admin.
Ivanti
Ivanti has issued security updates to address three high-severity vulnerabilities in its Workspace Control (IWC) solution. The flaws stem from hardcoded, unchangeable cryptographic keys, which could allow local authenticated attackers to decrypt stored credentials and escalate privileges. Two of the vulnerabilities (CVE-2025-5353 and CVE-2025-22455) affect SQL credentials in IWC versions 10.19.0.0 and earlier, while a third (CVE-2025-22463) enables decryption of the stored environment password. Ivanti warns that successful exploitation could lead to credential compromise and system-level impact.
SAP
On the 10th June, as part of its Security Patch Day, SAP released 14 new Security Notes, one of which is rated Critical. A further 5 are rated High. The products affected by the critical and high advisories are:
· SAP NetWeaver (Critical)
· SAP GRC
· SAP Business Warehouse
· SAP BusinessObjects Business Intelligence Platform
· SAP NetWeaver Visual Composer
· SAP MDM Server
Industrial Control Systems
Since our May Blog, the Cybersecurity and Infrastructure Security Agency (CISA) has released the following advisories for Industrial Control Systems. Any clients utilising these systems should check the list below to determine whether they are using vulnerable components within their systems.
- ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom
- ICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product
- ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update H)
- ICSA-25-133-02 Hitachi Energy Relion 670/650/SAM600-IO Series (Update A)
- ICSA-23-068-05 Hitachi Energy Relion 670, 650 and SAM600-IO Series (Update A)
- ICSA-21-336-05 Hitachi Energy Relion 670/650/SAM600-IO (Update A)
- ICSA-23-089-01 Hitachi Energy IEC 61850 MMS-Server (Update A)
- ICSA-25-153-01 Schneider Electric Wiser Home Automation
- ICSA-25-153-02 Schneider Electric EcoStruxure Power Build Rapsody
- ICSA-25-153-03 Mitsubishi Electric MELSEC iQ-F Series
- ICSA-25-148-01 Siemens SiPass
- ICSA-25-148-02 Siemens SiPass Integrated
- ICSA-25-148-03 Consilium Safety CS5000 Fire Panel
- ICSA-25-148-04 Instantel Micromate
- ICSMA-25-148-01 Santesoft Sante DICOM Viewer Pro
- ICSA-25-146-01 Johnson Controls iSTAR Configuration Utility (ICU) Tool
- ICSA-25-142-01 Lantronix Device Installer
- ICSA-25-142-02 Rockwell Automation FactoryTalk Historian ThingWorx
- ICSA-25-140-01 ABUP IoT Cloud Platform
- ICSA-25-140-02 National Instruments Circuit Design Suite
- ICSA-25-140-03 Danfoss AK-SM 8xxA Series
- ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
- ICSA-25-140-05 Siemens Surveillance Video
- ICSA-25-140-06 Schneider Electric PrismaSeT Active - Wireless Panel Server
- ICSA-25-140-07 Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL
- ICSA-25-140-08 Schneider Electric Modicon Controllers
- ICSA-25-140-09 AutomationDirect MB-Gateway
- ICSA-25-140-10 Vertiv Liebert RDU101 and UNITY
- ICSA-25-140-11 Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration
- ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update B)
- ICSA-25-023-05 Schneider Electric EcoStruxure Power Build Rapsody (Update A)
CISA advises users and administrators to review these newly released advisories for technical details and to apply the appropriate mitigations.
May Highlights
May 21st 2025 – CISA issued the following advisory about Russian actors targeting Western logistics and technology companies. Although the report contains no evidence of an identified threat against UK companies, it details TTPs, provides actionable intelligence, and has been endorsed by the UK NCSC.
A PDF of the report is available here.
As always, users are recommended to apply the latest security updates as soon as possible to protect their systems from potential threats.
