Patch Tuesday April 2025: One Zero-Day, 11 High-Risk Flaws

April’s Patch Tuesday for 2025 saw the release of updates addressing 135 vulnerabilities, including one zero-day vulnerability that was being actively exploited, along with 11 other high-risk flaws. Together, these patches cover 126 vulnerabilities related to various Microsoft products and an additional nine concerning Chrome and Microsoft Edge browsers.

The zero-day vulnerability, identified as CVE-2025-29824, is a use-after-free flaw in the Windows Common Log File System Driver. It has been assigned a severity score of 7.8 and allows an attacker to elevate privileges on a system. It has drawn attention because it has been associated with ransomware attacks.

This marks a notable decrease in zero-day issues, down from six reported in March. So far in 2025, Microsoft has disclosed 405 vulnerabilities in its routine Patch Tuesday summaries, 12 of them zero-day vulnerabilities exploited in real-world attacks.

The 11 vulnerabilities categorized as “Exploitation More Likely” have varying severity ratings, ranging from 5.4 for a Windows Mark of the Web Security Feature Bypass flaw to 8.8 for a SharePoint Remote Code Execution vulnerability. Four additional vulnerabilities have been rated at 8.1.

The patches for these high-risk vulnerabilities close a series of critical security gaps, underscoring the need for timely updates to protect systems against potential exploits.

This monthly update cycle affects Microsoft services and products, and it also coincides with patch releases from other important IT vendors.

As the landscape of cyber threats evolves, staying current with the latest security updates becomes increasingly essential to defend against both known and newly emerging vulnerabilities. Regular patching helps shield systems from exploits that could have severe repercussions if left unaddressed.
