It’s been exactly five weeks since our last Patch Tuesday update, and I don’t know about you, but that’s one week too many. I’ve been bored out of my mind.
If you recall, April’s patches broke some stuff, so at least we had that to keep us busy. Side note: I think broken updates are just Microsoft’s way of showing it cares. A built-in job security feature, if you will.
With an extra week of prep time, let’s see what Microsoft has cooked up for us this month.
Total vulnerabilities patched: 80
Critical patches: 11
Already known or exploited: 7
Some highlights (or lowlights)
CVE-2025-29813: If you were hoping to start your Patch Tuesday off with a perfect 10-rated vulnerability, today's your lucky day! That's right, CVE-2025-29813 comes in at a whopping 10.0, or as Microsoft likes to call it, a "major oopsie." This Azure DevOps elevation of privilege vulnerability stems from Visual Studio improperly handling pipeline job tokens. Thankfully, Microsoft has already addressed the token-handling logic on its end: no user interaction required.
CVE-2025-30387: If you use Document Intelligence to comb through, organize, and extract data from all your valuable files and documents, well, there's a 9.8-rated vulnerability headed your way. CVE-2025-30387 indicates that an attacker could gain an elevation of privilege over the network if they were to take advantage of this path traversal exploit. Thankfully, this exploit is only theoretical at this point. But to ensure you're not vulnerable, Microsoft says you need to update the image to the latest tag, which “shouldn't” (famous last words) affect user data.
CVE-2025-47733: Want to use AI to easily develop apps? Microsoft sure hopes you do. And it hopes you’ll use Microsoft Power Apps to do it. The only problem is it may have snuck a 9.1-rated server-side request forgery vulnerability in there. Just for fun. Thankfully, Microsoft (or more likely AI) has already patched everything on its end, which means you don’t have to worry about anything. Unless you worry about Microsoft increasing the use of AI. In that case, feel free to panic as much as you like.
Wrapping up
Will we get some shenanigans with May’s patches like we did with April’s? It’s still too early to tell. But with AI generating up to 30% of Microsoft’s code, I’d say the chances are pretty good. Which is another great reminder to thoroughly test before deploying patches to production devices. Oh, and it’s always a good idea to have a rollback strategy. You know, just in case.