Black Arrow Cyber Advisory 11 June 2025 – Security Updates from Microsoft, Adobe, Ivanti, Salesforce, SAP, and Google
Executive Summary
Microsoft’s Patch Tuesday for June 2025 delivered updates for 66 vulnerabilities, including one actively exploited zero‑day WebDAV remote code execution flaw, alongside nine critical issues such as RCE and privilege escalation in SMB, SharePoint, and Windows Hello for Business.
Adobe patched a number of vulnerabilities addressing critical and important vulnerabilities in Acrobat/Reader, InCopy, and Commerce/Magento—notably patching 254 flaws in Adobe Experience Manager (mostly XSS) and a critical Magento XSS flaw (CVE‑2025‑47110) with potential for arbitrary code execution.
Ivanti’s June advisory fixes multiple high-severity issues in Workspace Control (e.g., SQL credential decrypt) and addresses vulnerabilities in EPMM previously exploited in the wild (CVE‑2025‑4427/4428).
Salesforce Industry Cloud fixed five zero‑days and 15 critical misconfigurations that risk unauthorised access to encrypted data, sessions, credentials, and business logic.
SAP released its June Security Patch Day, addressing 19 notes including a critical NetWeaver RFC missing authorisation flaw (CVE 2025 42989, CVSS 9.6) that allows privilege escalation
Google Chrome received a security update fixing two high severity remote code execution (RCE) bugs in the V8 engine impacting Windows, macOS, and Linux users
What’s the risk to me or my business?
The presence of actively exploited zero‑days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on specific updates within this Microsoft patch Tuesday can be found here:
June 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
Adobe, Ivanti, Salesforce, SAP, and Google
Further details of the vulnerabilities in affected Adobe, Ivanti, SAP and Google:
https://helpx.adobe.com/security/security-bulletin.html
https://appomni.com/blog/low-code-high-stakes-salesforce-security/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
#threatadvisory #threatintelligence #cybersecurity