
Microsoft Patch Tuesday August 2025: How to Prioritize Vulnerabilities for Patching

Microsoft’s August 2025 Patch Tuesday has landed, and this month’s security updates pack a serious punch. With multiple critical vulnerabilities addressed, including flaws that could allow remote code execution, privilege escalation, and data exposure, this release is more than just routine maintenance. In this post, we’ll spotlight the most dangerous CVEs being addressed, explain what systems they impact, and how to determine which updates to prioritize.

Critical CVEs in Patch Tuesday August 2025

Microsoft’s August 2025 Patch Tuesday addresses over 100 vulnerabilities, including a publicly disclosed zero-day and multiple high-severity flaws across Kerberos, NTLM, Exchange, Office, and AI services. Here’s a list of the most critical ones, grouped by impact type:

Remote Code Execution (RCE)

  • CVE-2025-50165 (Windows Graphics Component) - CVSS Critical (9.8) - This vulnerability allows an unauthenticated attacker to execute code remotely via a malicious JPEG file. 
  • CVE-2025-53766 (GDI+) - CVSS Critical (9.8) - Exploitable by opening a crafted image in a document, potentially leading to system-level code execution. 
  • CVE-2025-53733 (Microsoft Word) - CVSS High (8.4) - A use-after-free vulnerability triggered by opening a malicious Word document. 
  • CVE-2025-53740 (Microsoft Office) - CVSS High (8.4) - Exploitable through the Preview Pane and affecting multiple Office versions. 
  • CVE-2025-53731 (Office RCE - Mac & Windows) - CVSS High (8.4) - Another use-after-free vulnerability in Office, potentially exploitable through the Preview Pane. 
  • CVE-2025-53784 (Microsoft Word) - CVSS High (8.4) - Similar to other Word vulnerabilities, exploitable via malicious documents. 
  • CVE-2025-50177 (Microsoft Message Queuing - MSMQ) - CVSS High (8.1) - An unauthenticated attacker can execute code over HTTP using this vulnerability. 
  • CVE-2025-50176 (DirectX Graphics Kernel) - CVSS High (7.8) - A type confusion vulnerability allowing local attackers to execute code. 

Elevation of Privilege (EoP)

  • CVE-2025-53778 (Windows NTLM) - CVSS High (8.8) - An authenticated attacker can escalate privileges to SYSTEM via spoofed authentication. 
  • CVE-2025-53786 (Exchange Server Hybrid Deployment) - CVSS High (8.0) - Allows an attacker to pivot from a compromised Exchange Server into an organization's cloud environment, potentially gaining control over Exchange Online and other Microsoft Office 365 services.

Mondoo has detected CVE-2025-53786 on Exchange Server 2019

Data exposure

  • CVE-2025-53781 (Azure Virtual Machines) - CVSS High (7.7) - A vulnerability that could allow an attacker to disclose sensitive information.
  • CVE-2025-53793 (Azure Stack Hub) - CVSS High (7.5) - Another information disclosure vulnerability. 

Zero-day vulnerability

  • CVE-2025-53779 (Windows Kerberos) - CVSS High (7.2) - A flaw that could allow an authenticated attacker to gain domain administrator privileges.

Windows 10 End of Support

Note that Microsoft will stop shipping free security updates for Windows 10 after October 14, 2025, and suggests installing Linux Mint as a safe alternative for older Windows 10 PCs that cannot upgrade to Windows 11. It’s important to take action now before the October End of Support date.

Mondoo warns about the upcoming EOL for Windows 10 machines

Which CVEs should be prioritized?

Without considering environmental context, we’d prioritize the following CVEs for patching:

  • Kerberos (CVE-2025-53779): zero-day with active disclosure.
  • NTLM (CVE-2025-53778): high likelihood of exploitation.
  • MSMQ (CVE-2025-50177): active RCE risk to exposed systems.
  • Exchange (CVE-2025-53786): approximately 29,000 publicly facing Exchange servers are vulnerable.
  • GDI+ & Graphics (CVE-2025-53766, CVE-2025-50165): systems handling graphical input are vulnerable.
  • Azure OpenAI (CVE-2025-53767): critical cloud service exposure worth immediate attention.
  • Word (CVE-2025-53733): exploitable via the Preview Pane; may affect user endpoints broadly.
  • SharePoint (CVE-2025-49712): network-facing servers vulnerable; patch urgently.

How Mondoo prioritizes based on your actual risk

Even though CVE patching can be prioritized by looking at CVSS scores and likelihood of exploitation in the wild, your actual risk greatly depends on the exposure that exists in your individual environment. This can only be determined when you have a full understanding of the context of the affected asset, and whether there are any factors present that could increase or reduce the likelihood or impact of exploitation. We’ve listed some examples below:

Factors that increase risk:

  • The asset has a public IP on the internet
  • The sshd process is active
  • The sshd process is listening on an open port
  • The asset has access to critical data
  • Another vulnerability on the asset allows for remote code execution

Factors that reduce risk:

  • A local firewall controls inbound network access
  • The asset does not have access to critical data
  • Restricted user access to the system

Based on context, CVSS, and exploitation likelihood, Mondoo rates this update as critical
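A sketch of the adjustment this section describes, as an added example (not Mondoo's code): the CVSS base scores are the ones quoted in the post, while the factor weights, asset names, and the `Finding` structure are assumptions chosen for illustration.

```python
"""Contextual CVE prioritization sketch (added example, not Mondoo code)."""
from dataclasses import dataclass, field

# Hypothetical weights: each environmental factor from the post nudges the
# CVSS base score up (increases risk) or down (reduces risk).
RISK_FACTORS = {
    "public_ip": +1.5,                    # asset has a public IP on the internet
    "service_listening_open_port": +1.0,  # vulnerable service reachable on an open port
    "critical_data_access": +1.0,         # asset has access to critical data
    "other_rce_on_asset": +1.0,           # another RCE vulnerability on the same asset
    "local_firewall": -1.0,               # local firewall controls inbound access
    "no_critical_data": -1.0,             # asset has no access to critical data
    "restricted_user_access": -0.5,       # only a restricted set of users can log on
}

@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float
    zero_day: bool = False          # publicly disclosed / exploitation likely
    factors: list[str] = field(default_factory=list)

def contextual_score(f: Finding) -> float:
    """CVSS base score adjusted by the asset's factors, clamped to the 0-10 scale."""
    unknown = set(f.factors) - RISK_FACTORS.keys()
    if unknown:
        raise ValueError(f"unknown risk factors: {sorted(unknown)}")
    score = f.cvss + sum(RISK_FACTORS[k] for k in f.factors)
    if f.zero_day:
        score += 1.0
    return max(0.0, min(10.0, round(score, 1)))

def prioritize(findings: list[Finding]) -> list[tuple[str, str, float]]:
    """Return (asset, cve, adjusted score) triples, highest priority first."""
    ranked = sorted(findings, key=lambda f: (-contextual_score(f), f.asset))
    return [(f.asset, f.cve, contextual_score(f)) for f in ranked]

# Constructed sample: the same MSMQ CVE on an internet-facing and an internal host.
SAMPLE = [
    Finding("dmz-msmq01", "CVE-2025-50177", 8.1, factors=["public_ip", "service_listening_open_port"]),
    Finding("lan-msmq02", "CVE-2025-50177", 8.1, factors=["local_firewall", "no_critical_data", "restricted_user_access"]),
    Finding("dc01", "CVE-2025-53779", 7.2, zero_day=True, factors=["critical_data_access"]),
    Finding("azs-hub01", "CVE-2025-53793", 7.5, factors=["no_critical_data"]),
]

if __name__ == "__main__":
    for asset, cve, score in prioritize(SAMPLE):
        print(f"{score:>4}  {asset:<12} {cve}")
```

Note how the identical CVE lands at the top of the list on the exposed host and near the bottom on the firewalled one, which is the effect the CVSS base score alone cannot express.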

This is where Mondoo can help because we scan for all these factors, display them in the UI, and automatically adjust priority scoring according to the actual risk in your environment. This allows you to start patching the issues that are actually the most critical in your environment, so you can stay ahead of attackers and save your security team hours of manual investigation.


How Mondoo helps you remediate quickly

At Mondoo, we believe that security and compliance findings must be actionable. This means that we don’t only tell you what’s wrong, we also tell you how to fix it - while automating the process as much as possible:

  • For each CVE, Mondoo includes guided remediation, providing configuration steps and code snippets for CLI, PowerShell, Ansible, Terraform, CloudFormation, and more. 
  • With Mondoo's ITSM integrations, security engineers can create tickets directly from the Mondoo platform. Each ticket will include detailed information on the vulnerability, contextual risk factors, full asset details, and remediation instructions. This enables platform engineers to take quick action without requiring back and forth with the security team. Mondoo will track the progress of the ticket, validate whether the issue is fixed, and automatically reopen the ticket if drift occurs.
  • Mondoo offers Agentic Vulnerability Patching, a fully transparent system based on tried-and-tested, easy-to-use, open source technologies that provides semi-autonomous patching and allows engineers to see exactly what is happening and easily roll back if necessary.

About Mondoo

Mondoo is a vulnerability management platform that saves teams many hours of manual work, reduces friction between security and platform engineering teams, and allows organizations to focus on strategic security efforts instead of just being reactive. Schedule a demo to see the Mondoo difference.

Deborah Galea

Deborah is Director of Product Marketing at Mondoo and leads messaging and positioning, product launches, and sales enablement. She has 20+ years of experience in the cybersecurity industry. Prior to Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded email security company Red Earth Software, which was acquired by cybersecurity firm OPSWAT in 2014.

Christian Zunker

Christian Zunker is Senior Software Engineer at Mondoo. Prior to joining Mondoo in 2022, Christian worked in various infrastructure and development roles for 22+ years.
