May Patch Tuesday: Five zero-day vulnerabilities CISOs should focus on

He said CVE-2025-30397 has an interesting loophole: this vulnerability (described above by Walters) can only be exploited if Microsoft Edge is running in “Internet Explorer” mode. By default, Edge does not run in Internet Explorer mode, but there may be some situations, especially on workstations used by system administrators and developers, where this mode can be enabled. He said that unless a specific use case explicitly requires it, configuration management should be used to prevent this.
Ulrich added: “Luckily, I think the vulnerability of an attacker to an attacker is CVE-2025-29831, which can only be exploited when the RDP service is restarted. This vulnerability may not be exploited unless the attacker is able to trigger a restart, but may be emphasized again.”
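For the Internet Explorer mode point on CVE-2025-30397 above, one way a configuration-management check could look. This is an added example, not from the article or from Microsoft: it reads the Edge policies `InternetExplorerIntegrationLevel` and `InternetExplorerIntegrationReloadInIEModeAllowed` from the registry. The host allow-list and the "must be explicitly disabled" baseline are assumptions of this example.

```powershell
# Added example: report whether Edge policy leaves Internet Explorer mode available.
# InternetExplorerIntegrationLevel: 0 = none, 1 = IE mode, 2 = Internet Explorer 11.
# $ApprovedHosts is a hypothetical allow-list of machines with a documented use case.
$ApprovedHosts = @('LEGACY-APP-WS01')
# Machine scope is read first because it takes precedence over user scope by default.
$PolicyKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'

function Get-EdgePolicyValue {
    param([string]$Name)
    foreach ($key in $PolicyKeys) {
        # A missing key or value means the policy is not configured at this scope.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $null -ne $props.$Name) { return $props.$Name }
    }
    return $null
}

function Test-EdgeIEMode {
    $level  = Get-EdgePolicyValue -Name 'InternetExplorerIntegrationLevel'
    $reload = Get-EdgePolicyValue -Name 'InternetExplorerIntegrationReloadInIEModeAllowed'

    $issues = @()
    if ($level -in 1, 2) { $issues += "IE integration enabled by policy (level $level)" }
    # Baseline assumed here: the reload option must be explicitly disabled (0),
    # otherwise users can switch it on themselves in Edge settings.
    if ($reload -ne 0)   { $issues += 'reload in IE mode is not disabled by policy' }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Level     = $level
        Reload    = $reload
        Compliant = ($issues.Count -eq 0)
        Issues    = $issues -join '; '
    }
}

$result = Test-EdgeIEMode
$result | Format-List

if (-not $result.Compliant -and $env:COMPUTERNAME -notin $ApprovedHosts) {
    Write-Warning "$env:COMPUTERNAME allows Internet Explorer mode without a documented exception."
    exit 1
}
```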
SAP, Zoom patches
Separately, SAP released 18 security notes, ranging from critical authorization issues to remote code execution, disclosure and cross-site scripting.