The May 2025 Security Update Review

Adobe released 13 bulletins fixing 40 CVEs across multiple Creative Cloud and Substance 3D products, with ColdFusion singled out as high priority; Microsoft released ~75 new CVEs (82 including third-party) across Windows, Office, Azure and other components, including 12 Critical fixes and several CVEs reported under active exploitation (notably CVE-2025-30397 and several privilege-escalation bugs). The report recommends prioritizing patches that enable remote code execution and elevation to SYSTEM because those are commonly chained in phishing and ransomware campaigns.