The cyber threat landscape in June 2025 was marked by a surge in ransomware activity, the rapid exploitation of zero-day vulnerabilities, and the continued targeting of critical infrastructure by advanced persistent threat (APT) groups. High-impact vulnerabilities across Microsoft, Fortinet, SAP, Google, Cisco, and Android ecosystems demanded immediate attention, as attackers moved quickly to exploit security gaps before patches could be widely applied.
In this article, we break down the most impactful CVEs disclosed in June 2025, explain the risks, and offer practical mitigation strategies to help organisations strengthen their defences.
What We'll Cover
CVE-2025-47172: Remote Code Execution in Microsoft SharePoint Server
Severity: Critical
CVSS Score: 8.8
Vulnerability Type: SQL Injection Leading to Remote Code Execution
Impact: Server Compromise, Data Theft, Privilege Escalation
Affected Systems: Microsoft SharePoint Server 2016, 2019, Subscription Edition
A critical SQL Injection vulnerability in Microsoft SharePoint Server allows authenticated, low-privilege users to execute arbitrary commands on the server. Successful exploitation can lead to data theft, privilege escalation, and operational disruption.
Mitigation Strategies:
Apply Microsoft’s latest cumulative updates, including KB5038316. Implement strict access controls, segment SharePoint environments, enable web application firewall (WAF) protections, and continuously monitor logs for unusual activity.
CVE-2025-32710: Remote Code Execution in Windows Remote Desktop Services Gateway
Severity: Critical
CVSS Score: 8.1
Vulnerability Type: Use-After-Free
Impact: Full Server Compromise, Ransomware Deployment Vector
Affected Systems: Windows Server 2016/2019/2022 (RDS Gateway Enabled)
This use-after-free vulnerability in RDS Gateway can be exploited without user interaction or elevated privileges, making it a prime ransomware entry point. Exploitation could result in full system compromise and rapid lateral movement.
Mitigation Strategies:
Apply June 2025 Microsoft security updates immediately. Restrict RDS Gateway access via VPNs and firewalls, enforce Network Level Authentication (NLA) with MFA, and closely monitor RDP traffic for anomalies.
CVE-2025-33053: Windows WebDAV Zero-Day (Actively Exploited)
Severity: Critical
CVSS Score: 8.8
Vulnerability Type: Remote Code Execution
Impact: Advanced Malware Deployment, APT Entry Point
Affected Systems: Windows 10/11, Windows Server 2016/2019/2022
This actively exploited zero-day was used by the Stealth Falcon APT group to target government and defence sectors. Attackers delivered malware through spear-phishing emails with malicious .url files, exploiting the WebDAV flaw using legitimate Windows tools.
Mitigation Strategies:
Apply Microsoft’s June patches immediately. Monitor WebDAV traffic, deploy EDR solutions capable of detecting living-off-the-land binary (LOLBins) abuse, and conduct continuous security awareness training to reduce phishing risks.
CVE-2025-33073: SMB Client Elevation of Privilege (Actively Exploited)
Severity: Critical
CVSS Score: 8.8
Vulnerability Type: Improper Access Control
Impact: SYSTEM-Level Access, Lateral Movement
Affected Systems: Windows 10/11, Windows Server 2016/2019/2022
This zero-day flaw in Windows SMB Client was actively exploited in June 2025. The vulnerability allows SYSTEM-level code execution when a user connects to a malicious SMB server.
Mitigation Strategies:
Apply Microsoft’s June security updates without delay. Block outbound SMB traffic where possible, restrict client access to trusted servers, and reinforce security awareness to prevent malicious SMB connection attempts.
CVE-2025-32756: Fortinet FortiVoice Critical Zero-Day (Actively Exploited)
Severity: Critical
CVSS Score: 9.6
Vulnerability Type: Stack-Based Buffer Overflow
Impact: Remote Code Execution with Root Privileges
Affected Systems: FortiVoice (7.2.0, 7.0.x, 6.4), FortiMail, FortiNDR, FortiRecorder, FortiCamera
This zero-day in Fortinet FortiVoice and related appliances was actively exploited in June 2025. Attackers could execute arbitrary code with root-level privileges, using vulnerable HTTP request handling.
Mitigation Strategies:
Apply Fortinet’s security updates immediately. If patching is delayed, disable HTTP/HTTPS administrative interfaces. Conduct lateral movement assessments, isolate vulnerable devices, and ensure administrative interfaces are never internet-facing.
CVE-2025-42989: Missing Authorization in SAP NetWeaver
Severity: Critical
CVSS Score: 9.6
Vulnerability Type: Missing Authorization Check
Impact: Unauthorized System Modification, Business Disruption
Affected Systems: SAP NetWeaver KERNEL 7.89, 7.93, 9.14, 9.15
A critical vulnerability in SAP NetWeaver allows low-privilege users to escalate privileges through missing authorization checks in RFC inbound processing. Exploitation could severely impact data integrity and system availability.
Mitigation Strategies:
Apply SAP’s June 2025 Security Patch Day updates immediately. Review SAP user permissions and access roles, and regularly audit SAP systems to detect misuse. Treat SAP patching as a business continuity priority.
CVE-2025-5419: Actively Exploited Chromium V8 Vulnerability
Severity: High
CVSS Score: 8.8
Vulnerability Type: Out-of-Bounds Read/Write
Impact: Remote Code Execution via Browser
Affected Systems: Google Chrome prior to version 137.0.7151.68, Chromium-based Browsers
This actively exploited vulnerability in Google Chrome’s V8 engine allows remote code execution via malicious HTML pages. The flaw affects multiple Chromium-based browsers and was added to CISA’s KEV catalog in June 2025.
Mitigation Strategies:
Update Chrome and all Chromium-based browsers immediately. Deploy web filtering to block phishing and malicious websites, and continuously educate users on phishing risks to prevent initial compromise.
CVE-2025-20282: Unauthenticated File Upload in Cisco ISE
Severity: Critical
CVSS Score: 10.0
Vulnerability Type: Unauthenticated File Upload
Impact: Full Root-Level System Compromise
Affected Systems: Cisco ISE and ISE PIC v3.4
This maximum-severity vulnerability allows attackers to upload files and execute code with root privileges, without authentication. Cisco ISE is a core network access control system, and its compromise can undermine an entire network’s security.
Mitigation Strategies:
Apply Cisco’s June 2025 patches immediately. Ensure Cisco ISE is not internet-facing, conduct patch verification across all deployments, and segment NAC systems from critical infrastructure.
Android Local Privilege Escalation Vulnerabilities
Severity: High
Vulnerability Type: Local Privilege Escalation
Impact: Elevated Access on Android Devices
Affected Systems: Android devices prior to June 2025 security updates
The June 2025 Android Security Bulletin addressed 34 vulnerabilities, including local privilege escalation flaws that require no additional user permissions. These vulnerabilities remain a concern due to patching delays from manufacturers.
Mitigation Strategies:
Apply Android’s June updates as soon as they are available for your device models. Enforce minimum patch levels using MDM or EMM platforms, and deploy mobile threat defence solutions for additional protection.
June 2025 confirmed that attackers continue to move quickly to weaponise critical vulnerabilities, often exploiting zero-days before organisations can respond. Major enterprise systems were repeatedly targeted, including Microsoft SharePoint, RDS Gateway, WebDAV, SMB Client, SAP NetWeaver, Fortinet appliances, Google Chrome, Cisco ISE, and Android.
The rapid addition of these vulnerabilities to CISA’s Known Exploited Vulnerabilities (KEV) catalog highlights the importance of treating these flaws as the highest priority for immediate patching.
Organisations relying on slow patch cycles, fragmented asset management, or incomplete monitoring are increasingly vulnerable to ransomware, APT campaigns, and business disruption.
Cyber threats are evolving, and so must your defences. Let us help you build the resilience you need to stay ahead of attackers.
