Once again, it’s the second Tuesday of the month, and Microsoft has published its monthly security updates for May 2025. Once again, this month includes many updates for the Windows Server Routing and Remote Access Service (RRAS) and an update for Active Directory Certificate Services (AD CS).
RRAS Updates
The Microsoft security updates for May 2025 address the following CVEs for Windows Server RRAS.
- CVE-2025-29830
- CVE-2025-29832
- CVE-2025-29835
- CVE-2025-29836
- CVE-2025-29958
- CVE-2025-29959
- CVE-2025-29960
- CVE-2025-29961
All the reported vulnerabilities in RRAS this month are information disclosure vulnerabilities, with exploitation unlikely. Most appear to be memory-related (null pointer references, out-of-bounds reads, etc.). None are Remote Code Execution (RCE) vulnerabilities, and none are rated Critical.
AD CS Update
This month’s update release also includes a single CVE addressing a denial of service (DoS) vulnerability in AD CS.