As we speak is Microsoft’s December 2025 Patch Tuesday, which fixes 57 flaws, together with one actively exploited and two publicly disclosed zero-day vulnerabilities.
This Patch Tuesday additionally addresses three “Essential” distant code execution vulnerabilities.
The variety of bugs in every vulnerability class is listed under:
- 28 Elevation of Privilege Vulnerabilities
- 19 Distant Code Execution Vulnerabilities
- 4 Info Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
When BleepingComputer stories on Patch Tuesday security updates, we solely depend these launched by Microsoft in the present day. Due to this fact, the variety of flaws doesn’t embrace Microsoft Edge (15 flaws) and Mariner vulnerabilities mounted earlier this month.
To study extra concerning the non-security updates launched in the present day, you’ll be able to evaluation our devoted articles on the Home windows 11 KB5072033 & KB5071417 cumulative updates.
3 zero-days, two exploited
This month’s Patch Tuesday fixes one actively exploited and two publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whereas no official repair is out there.
The actively exploited zero-day is:
CVE-2025-62221 – Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft has patched an actively exploited privilege elevation vulnerability within the Home windows Cloud Recordsdata Mini Filter Driver.
“Use after free in Home windows Cloud Recordsdata Mini Filter Driver permits a licensed attacker to raise privileges regionally,” explains Microsoft.
Microsoft says that efficiently exploiting the flaw permits attackers to realize SYSTEM privileges.
Microsoft has attributed the flaw to Microsoft Risk Intelligence Middle (MSTIC) & Microsoft Safety Response Middle (MSRC) however has not shared how the flaw was exploited.
The publicly disclosed zero-day flaws are:
CVE-2025-64671 – GitHub Copilot for Jetbrains Distant Code Execution Vulnerability
Microsoft has patched a publicly disclosed GitHub Copilot flaw that permits an attacker to execute instructions regionally.
“Improper neutralization of particular components utilized in a command (‘command injection’) in Copilot permits an unauthorized attacker to execute code regionally,” explains Microsoft.
Microsoft says the flaw will be exploited by a Cross Immediate Injection in untrusted information or MCP servers.
“Through a malicious Cross Immediate Inject in untrusted information or MCP servers, an attacker might execute further instructions by appending them to instructions allowed within the consumer’s terminal auto-approve setting,” continued Microsoft.
Microsoft has attributed the flaw to Ari Marzuk, who just lately disclosed the flaw as a part of his “IDEsaster: A Novel Vulnerability Class in AI IDEs” report.
CVE-2025-54100 – PowerShell Distant Code Execution Vulnerability
Microsoft has patched a PowerShell vulnerability that would trigger scripts embedded in a webpage to be executed when the web page is retrieved utilizing Invoke-WebRequest.
“Improper neutralization of particular components utilized in a command (‘command injection’) in Home windows PowerShell permits an unauthorized attacker to execute code regionally,” explains Microsoft.
Microsoft has made a change that shows a warning when PowerShell makes use of ‘Invoke-WebRequest,’ prompting the consumer so as to add the -UseBasicParsing to stop code execution.
Safety Warning: Script Execution Danger
Invoke-WebRequest parses the content material of the online web page. Script code within the net web page may be run when the web page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing change to keep away from script code execution.
Do you need to proceed?
```
For added particulars, see [KB5074596: PowerShell 5.1: Preventing script execution from web content](https://help.microsoft.com/assist/5072034).
Microsoft attributes this flaw to quite a few researchers, together with Justin Necke, DeadOverflow, Pēteris Hermanis Osipovs, Nameless, Melih Kaan Yıldız, and Osman Eren Güneş.
Current updates from different firms
Different distributors who launched updates or advisories in December 2025 embrace:
- Adobe launched security updates for ColdFusion, Expertise Supervisor, DNG SDK, Acrobat Reader, and Artistic Cloud Desktop.
- Fortinet launched security updates for a number of merchandise, together with a important FortiCloud SSO Login Authentication Bypass flaw.
- Google has launched Android’s December security bulletin, which incorporates fixes for 2 actively exploited vulnerabilities.
- Ivanti launched security patches as a part of its December 2025 Patch Tuesday updates, which embrace a repair for a 9.6/10 Saved XSS flaw in Ivanti Endpoint Supervisor.
- React launched security updates for a important RCE flaw in React Server Elements. The flaw, dubbed React2Shell, is now broadly exploited in assaults.
- SAP launched the December security updates for a number of merchandise, together with a repair for a 9.9/10 code injection flaw in SAP Answer Supervisor.
The December 2025 Patch Tuesday Safety Updates
Under is the entire listing of resolved vulnerabilities within the December 2025 Patch Tuesday updates.
To entry the complete description of every vulnerability and the methods it impacts, you’ll be able to view the full report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Software Info Providers | CVE-2025-62572 | Software Info Service Elevation of Privilege Vulnerability | Essential |
| Azure Monitor Agent | CVE-2025-62550 | Azure Monitor Agent Distant Code Execution Vulnerability | Essential |
| Copilot | CVE-2025-64671 | GitHub Copilot for Jetbrains Distant Code Execution Vulnerability | Essential |
| Microsoft Brokering File System | CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Essential |
| Microsoft Brokering File System | CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Essential |
| Microsoft Edge (Chromium-based) | CVE-2025-13634 | Chromium: CVE-2025-13634 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13721 | Chromium: CVE-2025-13721 Race in v8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13630 | Chromium: CVE-2025-13630 Kind Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13631 | Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13632 | Chromium: CVE-2025-13632 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13633 | Chromium: CVE-2025-13633 Use after free in Digital Credentials | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13638 | Chromium: CVE-2025-13638 Use after free in Media Stream | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13639 | Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13640 | Chromium: CVE-2025-13640 Inappropriate implementation in Passwords | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13637 | Chromium: CVE-2025-13637 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13720 | Chromium: CVE-2025-13720 Dangerous forged in Loader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13635 | Chromium: CVE-2025-13635 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13636 | Chromium: CVE-2025-13636 Inappropriate implementation in Break up View | Unknown |
| Microsoft Edge for iOS | CVE-2025-62223 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | Low |
| Microsoft Trade Server | CVE-2025-64666 | Microsoft Trade Server Elevation of Privilege Vulnerability | Essential |
| Microsoft Trade Server | CVE-2025-64667 | Microsoft Trade Server Spoofing Vulnerability | Essential |
| Microsoft Graphics Element | CVE-2025-64670 | Home windows DirectX Info Disclosure Vulnerability | Essential |
| Microsoft Workplace | CVE-2025-62554 | Microsoft Workplace Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace | CVE-2025-62557 | Microsoft Workplace Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Entry | CVE-2025-62552 | Microsoft Entry Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2025-62560 | Microsoft Excel Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2025-62563 | Microsoft Excel Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2025-62561 | Microsoft Excel Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2025-62564 | Microsoft Excel Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2025-62553 | Microsoft Excel Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Excel | CVE-2025-62556 | Microsoft Excel Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Outlook | CVE-2025-62562 | Microsoft Outlook Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace SharePoint | CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability | Essential |
| Microsoft Workplace Phrase | CVE-2025-62558 | Microsoft Phrase Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Phrase | CVE-2025-62559 | Microsoft Phrase Distant Code Execution Vulnerability | Essential |
| Microsoft Workplace Phrase | CVE-2025-62555 | Microsoft Phrase Distant Code Execution Vulnerability | Essential |
| Storvsp.sys Driver | CVE-2025-64673 | Home windows Storage VSP Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Digicam Body Server Monitor | CVE-2025-62570 | Home windows Digicam Body Server Monitor Info Disclosure Vulnerability | Essential |
| Home windows Consumer-Aspect Caching (CSC) Service | CVE-2025-62466 | Home windows Consumer-Aspect Caching Elevation of Privilege Vulnerability | Essential |
| Home windows Cloud Recordsdata Mini Filter Driver | CVE-2025-62457 | Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Cloud Recordsdata Mini Filter Driver | CVE-2025-62454 | Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Cloud Recordsdata Mini Filter Driver | CVE-2025-62221 | Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Frequent Log File System Driver | CVE-2025-62470 | Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Defender Firewall Service | CVE-2025-62468 | Home windows Defender Firewall Service Info Disclosure Vulnerability | Essential |
| Home windows DirectX | CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability | Essential |
| Home windows DirectX | CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability | Essential |
| Home windows DirectX | CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows DWM Core Library | CVE-2025-64679 | Home windows DWM Core Library Elevation of Privilege Vulnerability | Essential |
| Home windows DWM Core Library | CVE-2025-64680 | Home windows DWM Core Library Elevation of Privilege Vulnerability | Essential |
| Home windows Hyper-V | CVE-2025-62567 | Home windows Hyper-V Denial of Service Vulnerability | Essential |
| Home windows Installer | CVE-2025-62571 | Home windows Installer Elevation of Privilege Vulnerability | Essential |
| Home windows Message Queuing | CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Essential |
| Home windows PowerShell | CVE-2025-54100 | PowerShell Distant Code Execution Vulnerability | Essential |
| Home windows Projected File System | CVE-2025-62464 | Home windows Projected File System Elevation of Privilege Vulnerability | Essential |
| Home windows Projected File System | CVE-2025-55233 | Home windows Projected File System Elevation of Privilege Vulnerability | Essential |
| Home windows Projected File System | CVE-2025-62462 | Home windows Projected File System Elevation of Privilege Vulnerability | Essential |
| Home windows Projected File System | CVE-2025-62467 | Home windows Projected File System Elevation of Privilege Vulnerability | Essential |
| Home windows Projected File System Filter Driver | CVE-2025-62461 | Home windows Projected File System Elevation of Privilege Vulnerability | Essential |
| Home windows Distant Entry Connection Supervisor | CVE-2025-62474 | Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability | Essential |
| Home windows Distant Entry Connection Supervisor | CVE-2025-62472 | Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability | Essential |
| Home windows Resilient File System (ReFS) | CVE-2025-62456 | Home windows Resilient File System (ReFS) Distant Code Execution Vulnerability | Essential |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-62549 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability | Essential |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-62473 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Essential |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-64678 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability | Essential |
| Home windows Shell | CVE-2025-62565 | Home windows File Explorer Elevation of Privilege Vulnerability | Essential |
| Home windows Shell | CVE-2025-64661 | Home windows Shell Elevation of Privilege Vulnerability | Essential |
| Home windows Shell | CVE-2025-64658 | Home windows File Explorer Elevation of Privilege Vulnerability | Essential |
| Home windows Storage VSP Driver | CVE-2025-59517 | Home windows Storage VSP Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Storage VSP Driver | CVE-2025-59516 | Home windows Storage VSP Driver Elevation of Privilege Vulnerability | Essential |
| Home windows Win32K – GRFX | CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | Essential |
Damaged IAM is not simply an IT downside – the affect ripples throughout your entire enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with trendy calls for, examples of what “good” IAM appears to be like like, and a easy guidelines for constructing a scalable technique.
