By Satnam Narang, Sr. Staff Research Engineer, Tenable
“This month’s release highlights an upward trend in post-compromise vulnerabilities over code execution bugs. For the second consecutive month, elevation of privilege vulnerabilities represented the bulk of CVEs patched this month at 39.3% (41.4% in July).
“Microsoft released a patch for CVE-2025-53779, a privilege escalation bug known as BadSuccessor that was disclosed back in May as a zero day. While patching BadSuccessor is critical, our analysis indicates that the immediate impact is limited, as only 0.7% of AD domains had met the prerequisite at the time of disclosure. To exploit BadSuccessor, an attacker must have at least one domain controller in a domain running Windows Server 2025 in order to achieve domain compromise.
“It might seem like déjà vu because Microsoft patched two more SharePoint vulnerabilities this month: a remote code execution flaw (CVE-2025-49712) and an elevation of privilege bug (CVE-2025-53760).
“After the chaos that ensued with the exploitation of the ToolShell vulnerabilities, any new SharePoint vulnerabilities understandably raise concerns. However, based on historical Patch Tuesday data since 2022, 21.7 SharePoint vulnerabilities are patched each year, with 2023 accounting for the most SharePoint vulnerabilities patched at 25.
“However, that record might be broken this year, as 20 SharePoint vulnerabilities have already been patched this year.
“Despite over 80 SharePoint bugs patched over the last four years, only three were exploited in the wild (CVE-2023-29357, CVE-2023-24955, CVE-2024-38094) in addition to the three ToolShell vulnerabilities (CVE-2025-49706, CVE-2025-49704, CVE-2025-53770). We’ve seen reports that one of the ToolShell vulnerabilities, CVE-2025-53771, was also exploited, but there is no official confirmation.”