Adam Barnett from Rapid7 particularly warns against the CVE-2025-26663 flaw that affects LDAP servers: ” Without privileges required, without the need for user interaction, and the execution of code probably in the context of the LDAP server itself, a successful exploitation would constitute an attractive shortcut for any attacker ».
Other critical updates relate to remote code execution flaws in Windows Remote Desktop (RDP) services, including CVE-2025-26671, CVE-2025-27480 and CVE-2025-27482. Although only the last two are considered critical, Microsoft indicates a high probability of exploitation.
Web browsers are no exception to the fixes of this patch Tuesday of April 2025: Chrome resolved 13 vulnerabilities this week, Firefox has corrected eight, and other fixes are expected for Microsoft Edge. Adobe also published 12 updates covering 54 flaws on software like Photoshop, Premiere Pro or After Effects.
System administrators are obviously encouraged to apply these fixes as quickly as possible. As always, it is strongly advised to save your data before any update, this in order to facilitate a possible rear return.
