Microsoft December 2025 Patch Tuesday Fixes 57 Flaws, Including Three Zero-Days

Microsoft’s December 2025 Patch Tuesday includes fixes for 57 vulnerabilities, including one actively exploited zero-day and two publicly disclosed zero-days. Three of the patched flaws are classified as critical, all tied to remote code execution.


Breakdown of Vulnerabilities

  • 28 Elevation of Privilege vulnerabilities
  • 19 Remote Code Execution vulnerabilities
  • 4 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 2 Spoofing vulnerabilities

These totals do not include 15 Microsoft Edge vulnerabilities or Mariner fixes that were released earlier in the month. Non-security updates released alongside this cycle include Windows 11 KB5072033 and KB5071417.


Zero-Day Vulnerabilities

This month’s update addresses three zero-days, one of which has been actively exploited in real-world attacks.

CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

This actively exploited flaw stems from a use-after-free condition in the Windows Cloud Files Mini Filter Driver. Successful exploitation allows a local attacker to escalate privileges to SYSTEM. Microsoft attributes the discovery to the Microsoft Threat Intelligence Center and Microsoft Security Response Center but has not shared exploitation details.

CVE-2025-64671 | GitHub Copilot for JetBrains Remote Code Execution Vulnerability

This publicly disclosed vulnerability allows local command execution through improper neutralization of special elements in command handling. The issue can be triggered via a Cross Prompt Injection using untrusted files or malicious MCP servers, allowing attackers to append commands to those auto-approved in the terminal. The flaw was disclosed by Ari Marzuk as part of the “IDEsaster” research into AI-powered development tools.

CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability

This PowerShell vulnerability results from improper command handling when Invoke-WebRequest retrieves web content containing embedded scripts. Under certain conditions, those scripts could execute locally. Microsoft has added a new warning that prompts users to apply the -UseBasicParsing switch to prevent unintended script execution. Multiple researchers contributed to the discovery of this issue.
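Because the mitigation above is a per-call switch, the practical follow-up for administrators is finding scripts that still call Invoke-WebRequest without it. The audit below is an added example, not code from the post or from Microsoft; it uses PowerShell's own parser (the AST API) so that built-in aliases, abbreviated parameter names and multi-line calls are handled, and it assumes the directory path and the output layout are illustrative.

```powershell
# Added example (not from the original post): list Invoke-WebRequest calls in .ps1/.psm1
# files that omit -UseBasicParsing. Assumption: $Path and the report columns are illustrative.
param(
    [string]$Path = '.'
)

# Invoke-WebRequest and its built-in aliases; user-defined aliases are not resolved here.
$targets = @('Invoke-WebRequest', 'iwr', 'curl', 'wget')

function Find-UnsafeWebRequest {
    param([Parameter(Mandatory)][string]$ScriptPath)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile($ScriptPath, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) {
        Write-Warning "Parse errors in $ScriptPath; results may be incomplete."
    }

    # Every command invocation in the file, including those nested in functions and script blocks.
    $commands = $ast.FindAll({ param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)
    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()
        if ($null -eq $name -or $targets -notcontains $name) { continue }

        # Parameter names may be abbreviated (e.g. -UseBasic), so match on prefix, case-insensitively.
        $hasSwitch = $cmd.CommandElements |
            Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
            Where-Object { 'UseBasicParsing'.StartsWith($_.ParameterName, [System.StringComparison]::OrdinalIgnoreCase) }

        # Splatted arguments (@params) cannot be inspected statically; flag them for manual review.
        $splatted = $cmd.CommandElements | Where-Object { $_.Splatted }

        if (-not $hasSwitch) {
            [pscustomobject]@{
                File    = $ScriptPath
                Line    = $cmd.Extent.StartLineNumber
                Command = $name
                Status  = if ($splatted) { 'ReviewSplat' } else { 'MissingUseBasicParsing' }
                Text    = $cmd.Extent.Text
            }
        }
    }
}

Get-ChildItem -Path $Path -Recurse -Include *.ps1, *.psm1 -File |
    ForEach-Object { Find-UnsafeWebRequest -ScriptPath $_.FullName } |
    Format-Table -AutoSize
```

On PowerShell 6 and later the switch is accepted but basic parsing is already the only mode, so the findings matter most for scripts that run under Windows PowerShell 5.1.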


Other Critical Vulnerabilities

Beyond the zero-days, Microsoft patched three additional critical RCE flaws affecting Windows components. While exploitation details were not disclosed, the classification indicates a high likelihood of weaponization once exploit tooling becomes available.


Adobe and Other Vendor Updates

Other major vendors issued important security updates in December 2025:

  • Adobe released updates for ColdFusion, Experience Manager, DNG SDK, Acrobat Reader, and Creative Cloud Desktop.
  • Fortinet addressed multiple product flaws, including a critical FortiCloud SSO login authentication bypass.
  • Google released Android’s December bulletin, which includes fixes for two actively exploited vulnerabilities.
  • Ivanti issued patches for December, including a CVSS 9.6 stored XSS flaw in Ivanti Endpoint Manager.
  • React released fixes for a critical RCE flaw in React Server Components known as React2Shell, which is now widely exploited.
  • SAP released December security updates across multiple products, including a CVSS 9.9 code injection flaw in SAP Solution Manager.

Recommendations for Users and Administrators

Organizations should prioritize patching systems affected by the Cloud Files Mini Filter Driver flaw, PowerShell, and any environments using GitHub Copilot for JetBrains. The actively exploited privilege escalation vulnerability poses immediate risk for post-exploitation attacks and lateral movement.

Administrators should also apply the new PowerShell safeguards tied to Invoke-WebRequest and review recent third-party updates from Fortinet, Google, React, and SAP, especially where active exploitation is already underway.

Full technical details and patch links are available in Microsoft’s Security Update Guide.


How Can Netizen Help?

Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive-level cybersecurity expertise at a fraction of the cost of hiring internally.

Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.