Microsoft has rolled out reforms for several safety flaws as part of the June 2025 patch Tuesday release, including 11 weaknesses with “significant” ratings, and 56 others have been given status as “significant”. The two flaws patched by Microsoft are classified as zero-day flaws, one of which was actively exploited by the company before a fixed roll. The Redmond Company first fixed several security flaws affecting Microsoft Edge, including exploitation of a zero-day that also affects the Google Chrome browser.
Microsoft Patch first exploited webdave zero-day defect
According to Microsoft’s release notes, the security update of June 2025 is included 67 fixed for security flaws To affect various products and services. The firm has fixed 14 flaws, which could enhance privilege, 26 remote code execution weaknesses and 17 other issues, leading to information disclosure.
The most notable security defect detected by Microsoft is the CVE-2025-33053, which affects an HTTP extension called web distributed authorization and version (webdav). Microsoft says that the CVSS score of this zero-day security defect is 8.8, and that it has been actively exploited by cheating users in clicking a malicious URL.
The defect was detected by Czech Point researchers David Druer and Alexandra Gofman, and the cybercity firm says that a known threat was using CVE -2025–33053 vulgarity. Safety defects allowed hackers to execute the code from a distance on the target computer, but made a change in the victim’s working directory.
Microsoft has also packed another zero-day security defects that affect the Windows SMB (SAMBA) client, and may allow a malicious user to get an elevated (or system) privilege on devices connected to the same local network. According to Microsoft, this problem occurred due to unfair access control in Windows SMB client.
Earlier this month, the company rolled out several safety reforms for the Microsoft Edge browser, previously released by the Chromium Project. One of these defects, CVE-2025-5419 identified asThere is a zero-day security defect which was exploited before Google was patted. The users who are running on the latest stable release (version 137.0.3296.62) should be preserved against these safety flaws.