Microsoft August 2025 Patch Tuesday Targets Kerberos Zero-Day, Critical Elevation and Remote Code Execution Flaws
Microsoft’s August 2025 security update contains patches for 111 newly disclosed vulnerabilities, including a zero-day flaw in Kerberos that can allow attackers to compromise entire Active Directory domains. Several additional critical bugs were also addressed across Azure, GDI+, Windows Graphics, Microsoft 365 Copilot, and the MSMQ subsystem.
Kerberos “BadSuccessor” Zero-Day Exposed
The highlight of this update is the mitigation of a Kerberos zero-day, nicknamed “BadSuccessor,” which enables full Active Directory compromise under specific conditions. Effective exploitation requires the presence of at least one domain controller running Windows Server 2025. The attacker can gain domain-wide access, making this especially relevant for enterprises with hybrid or mixed environments transitioning to the latest Windows Server builds. Despite the criticality, only about 0.7% of domains are estimated to be currently vulnerable due to the niche prerequisites involved.
Full Rundown of Critical CVEs Patched
- CVE-2025-53767 (CVSS 10.0): A privilege escalation flaw in Azure OpenAI that could allow attackers to gain unauthorized access or escalate actions in AI-powered cloud environments.
- CVE-2025-53766 (CVSS 9.8): GDI+ Remote Code Execution, via malicious image files processed by vulnerable components, potentially allows code execution on affected endpoints.
- CVE-2025-50165 (CVSS 9.8): Windows Graphics Component RCE, a graphics parsing vulnerability with wide exploitation potential through booby-trapped content.
- CVE-2025-50177, CVE-2025-53143, CVE-2025-53144, CVE-2025-53145: Multiple Microsoft Message Queuing (MSMQ) flaws, some rated critical, could allow attackers to send specially crafted packets and achieve code execution on vulnerable servers. CVE-2025-50177 is notable for being more likely to be exploited in the wild, according to Microsoft’s Exploitability Index.
- CVE-2025-53792 (CVSS 9.1): Azure Portal Elevation of Privilege, allowing malicious actors to escalate privileges via the portal interface.
- CVE-2025-53787 (CVSS 8.2): Information disclosure in Microsoft 365 Copilot BizChat, where confidential business chat data could be leaked to unauthorized parties.
- CVE-2025-50176 (CVSS 7.8): DirectX Graphics Kernel RCE, which can be exploited via malformed graphics data causing kernel-level compromise.
- CVE-2025-53778 (CVSS 8.8): A critical NTLM elevation-of-privilege vulnerability, marking the second major NTLM issue addressed in 2025. Successful exploitation allows a local attacker to escalate to SYSTEM privileges, facilitating full system compromise.
Broader Security Implications and Enterprise Actions
Enterprises are urged to assess their exposure, especially in environments where Windows Server 2025 is deployed. Critical services relying on Kerberos, NTLM, and MSMQ must receive immediate patching. Security teams should also prioritize mitigation steps relating to Azure OpenAI and 365 Copilot deployments, particularly in regulated industries.
For organizations with legacy authentication still in use, Microsoft continues its ongoing shift toward stronger OAuth and passwordless protocols. These updates form part of a wider effort to secure the software supply chain and embedded AI functionality, both increasingly targeted by sophisticated attackers.
ECScape Vulnerability Enables Cross-Task IAM Credential Theft in Amazon ECS via Undocumented WebSockets
At Black Hat USA 2025, a significant privilege escalation vulnerability was disclosed in Amazon ECS (Elastic Container Service) running on EC2 instances. The new attack, named ECScape, allows a low-privilege container to capture AWS IAM credentials from neighboring tasks on the same EC2 instance, without detection, via an undocumented WebSocket channel and interaction with the EC2 Instance Metadata Service (IMDS).
Technical Deep Dive: ECScape’s Attack Chain
The exploit leverages an undocumented internal WebSocket channel—part of the Amazon Container Service Agent (ACS)—intended for communication between the ECS agent and running containers or tasks.
By manipulating this WebSocket interface, a rogue container can initiate requests typically reserved for higher-privilege tasks. When combined with a weakness in how IMDS credentials are scoped and delivered, the attacker is able to extract temporary AWS Credentials (including Access Key, Secret, and Security Token) associated with other containers on the same host. This bypasses isolation protections and could, depending on IAM policy, result in privilege escalation across numerous AWS resources.
Mitigation and Cloud Security Guidance
Amazon is expected to issue a guidance and patch for affected ECS deployments. Customers are advised to audit task definitions, enforce strict role separation between containers, and use the latest ECS agent versions with restricted metadata access.
Security architects should monitor container-to-metadata communications, apply defense-in-depth policies, and restrict the use of shared EC2 instances across security boundaries.
Prompt Injection Exploit “AgentFlayer” Proves AI Agents Vulnerable to Credential Theft and Data Exfiltration
Cybersecurity researchers have disclosed “AgentFlayer,” a set of zero- and one-click prompt injection techniques that compromise AI agent platforms—including ChatGPT, Microsoft Copilot Studio, and Cursor. The attack allows malicious prompts embedded in ordinary communication to steal credentials, leak past conversation logs, and exfiltrate documents, with zero user interaction in many cases.
Mechanism of the AgentFlayer Attacks
AgentFlayer weaponizes prompt injection: an adversarial input that manipulates the context or flow of AI agent conversations. When an agent receives crafted text—via email, document, or API payload—it interprets it as legitimate instructions. This can trigger the agent to access sensitive internal data (such as credentials, API tokens, or conversation logs) and relay it to an attacker’s server or email address.
The attack is notable for bypassing conventional controls such as sanitization or output filtering. Both zero-click (automatic execution on processing the prompt) and one-click (requiring minimal approved action by the user) vectors have been observed.
Targeted Agents and Real-World Impact
Demonstrations show successful exploitation against prominent AI coding and productivity agents. Consequences include leaking internal business correspondence, credentials stored in agent memory, and corporate documents previously summarized or ingested by the agent. As these platforms become further integrated with enterprise apps and workflows, reliance on prompt-based command execution may require architecture changes to improve input validation and endpoint isolation.
Trend Micro Apex One Management Console Hit by Active Command-Injection Exploits (CVE-2025-54948/54987)
Threat actors are actively exploiting newly disclosed command-injection vulnerabilities—CVE-2025-54948 and CVE-2025-54987—in the Trend Micro Apex One Management Console. Successful exploitation can yield full administrative control of affected management interfaces, heightening risk for organizations relying on Apex One for endpoint security management.
Attack Vector and Technical Impact
The vulnerabilities affect the web interface of the management console. Attackers can exploit them remotely by supplying malicious payloads via parameterized inputs, which are improperly sanitized. On successful exploitation, the attacker achieves command execution in the context of the web server, with possible lateral movement to managed endpoints.
The vulnerabilities are considered critical due to their ease of exploitation, broad attack surface, and the privileged security context in which the management console typically runs.
Immediate Remediation Steps
Trend Micro users are advised to update their Apex One deployments immediately and restrict console access to trusted administrative networks. Organizations should monitor for unusual administrative actions and potential signs of compromise pending full remediation.
Bouygues Telecom Data Breach Impacts 6.4 Million French Customers, Exposing Contact and Bank Data
Bouygues Telecom, a leading French telecommunications provider, confirmed a significant data breach affecting 6.4 million customers. Attackers accessed sensitive personal details including contact information, contract data, and IBAN (bank account) numbers, though no passwords or credit card numbers were stolen. This incident raises regulatory and financial risks for the carrier and its customers.
Data Types Compromised and Customer Impact
The breach centers on non-encrypted personal data: email addresses, phone numbers, contract references, and bank account information (IBANs). Although core financial credentials like PINs and credit card data were not exposed, access to IBANs enables attackers to attempt unauthorized bank withdrawals, direct debit fraud, or targeted phishing.
Regulatory oversight is expected to intensify, with France’s CNIL privacy regulator and the EU’s GDPR reporting regime likely to demand incident reviews and corrective measures.
Security Response and Recommendations
Impacted individuals are advised to monitor their bank accounts for suspicious debits and exercise caution with any communications purporting to be from Bouygues or their bank. Bouygues Telecom has assured stakeholders that enhanced monitoring and network controls are being implemented to prevent similar breaches.
European Media Freedoms Act Takes Effect, Curtailing State Surveillance of Journalists
The European Media Freedoms Act (EMFA) officially became law, instituting unprecedented restrictions on state surveillance of journalists and media organizations across the EU. The regulation directly addresses years of abuses involving spyware and covert device monitoring targeting reporters.
Key Provisions of the EMFA
The act eliminates most forms of government surveillance targeting journalists’ devices, including the use of commercial spyware, overreaching subpoenas for source materials, and broad device monitoring. EMFA’s legal design ensures immediate applicability across all EU nations, closing loopholes previously exploited by some member states to delay or dilute enforcement.
Non-compliance can lead to court actions, substantial financial penalties, and loss of EU structural funds for offending governments or agencies.
Implications for Media and Civil Rights
The new law reinforces editorial independence, protects source confidentiality, and provides new benchmarks for press freedom within the digital landscape. Media organizations are encouraged to revisit their security postures and transparency controls in light of enhanced protections and reporting obligations.
Credential Theft Surge: Malicious OAuth Applications Bypass MFA
Security researchers are sounding alarms over a persistent wave of attacks using counterfeit Microsoft OAuth applications to steal user credentials, often bypassing Multi-Factor Authentication (MFA). By masquerading as trusted apps such as RingCentral and SharePoint, attackers trick victims into approving OAuth permissions, granting long-term access to accounts and data.
Attack Lifecycle and Techniques
The adversary crafts malicious OAuth apps registered in Azure AD, closely mimicking legitimate providers. Victims are lured via phishing emails or malicious links, where they are prompted to authenticate and unknowingly consent to excessive permissions. Once approved, the attacker gains ongoing API access, often persisting long after initial compromise, even if the user resets their password.
Microsoft plans to tighten OAuth app security and block legacy authentication pathways by the end of August 2025, aiming to shrink the attack surface for such campaigns.
Defensive Measures
Organizations should implement strict OAuth app approval workflows, monitor admin consent events, and educate users to carefully review app permission requests and issuer details.