Microsoft enjoys first Patch Tuesday of 2025 with no active exploits

For the first time this year, Microsoft has released a Patch Tuesday bundle with no exploited security problems, although one has been made public already, and there are ten critical flaws to fix.

July's software flaw fix package includes 130 patches with none exploited and only one earning a CVSS score of over nine - CVE-2025-47981. This critical issue comes with a 9.8 score and breaks Microsoft's Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) security protocols with a heap-based buffer overflow that would allow remote code execution.

Of the other nine new critical issues, four are in Office, which last month had a major patching update and gets more this month. In July's fixes, four flaws allow for remote code execution in the Office bundle. In all, Office gets 16 patches this week, but those four should be on the list of first to fix.

• CVE-2025-49695 - An ...