Volume / scope: Microsoft’s August 2025 Patch Tuesday addressed 119 CVEs across Windows, Office, Azure, Exchange and other components (some trackers count 107 in the core release, with higher totals typically including additional product-family items such as Edge). (threatprotect.qualys.com)
Exploitation status (important correction): The headline “zero-day” this month was publicly disclosed, but multiple reputable trackers reported no confirmed in-the-wild exploitation at release time. (SANS Internet Storm Center)
Key items to prioritise
CVE-2025-53779 — Windows Kerberos EoP (“BadSuccessor”)
What it is: A relative path traversal issue in Windows Kerberos that can enable privilege escalation in Active Directory environments. (NVD)
Why it matters: Research showed the technique can be used to reach domain/forest compromise under certain AD conditions (notably involving delegated Managed Service Accounts (dMSA) introduced with Windows Server 2025). (akamai.com)
Status: Publicly disclosed prior to Patch Tuesday; not confirmed as actively exploited at release. (SANS Institute)
CVE-2025-50165 — Microsoft Graphics Component RCE
What it is: A critical remote code execution flaw (untrusted pointer dereference) that can be triggered over the network. (NVD)
Why it matters: Often discussed as a “malicious image/file” style risk (high-impact if reachable via document/image parsing paths). (wiz.io)
CVE-2025-53731 — Microsoft Office RCE (Preview Pane vector noted by multiple trackers)
What it is: A use-after-free in Microsoft Office that can lead to code execution; reporting highlighted Preview Pane as an attack vector in some scenarios. (NVD)
CVE-2025-53767 — Azure OpenAI Elevation of Privilege (hosted service)
What it is: An Azure OpenAI elevation-of-privilege issue (tagged as an exclusively hosted service in NVD). (NVD)
“Public exploit / likely targeting” watch-outs
CVE-2025-50154 — Windows File Explorer spoofing / NTLM material exposure
What it is: Exposure of sensitive information that can enable spoofing over the network (commonly discussed in the context of NTLM credential material leakage / coercion). (NVD)
Why it matters: Public exploit code appeared shortly after Patch Tuesday, and UK healthcare-sector alerting assessed attempted exploitation as likely. (exploit-db.com)
Practical guidance (triage order)
Domain controllers / AD-adjacent servers (especially Windows Server 2025 features): prioritise CVE-2025-53779 (Kerberos/AD privilege escalation path). (Tenable®)
Credential-theft / NTLM exposure reduction: patch and hunt for CVE-2025-50154-style coercion patterns, given public exploit availability and “likely targeting” assessments. (NHS England Digital)