Patch Tuesday: July 2025 (Expel’s version)

This Patch Tuesday briefing (July 8, 2025) reviews 137 CVEs (14 critical), highlights priority Microsoft RCE and information-disclosure vulnerabilities, and spotlights high-risk Citrix NetScaler flaws (CVE-2025-6543 and CVE-2025-5777, aka “CitrixBleed2”) that have seen in-the-wild exploitation; one observed incident allowed attackers VDI access and environment enumeration before SOC containment. Patches are available and organizations are urged to prioritize remediation immediately.