December 2025 Patch Tuesday Analysis

Posted on December 9, 2025
 

Today’s Patch Tuesday Alert addresses Microsoft’s December 2025 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.

In-The-Wild & Disclosed CVEs

CVE-2025-62221

use after free vulnerability in the Windows Cloud Files Mini Filter could allow an authenticated user to elevate their privileges to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2025-54100

command injection vulnerability exists within Windows PowerShell that could allow unauthorized attackers to execute code locally via the Invoke-WebRequest command. After installing the update, users will see a warning when using the Invoke-WebRequest command warning of the risk of script execution. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE-2025-64671

command injection vulnerability exists within GitHub copilot for JetBrains that could allow code execution via malicious cross prompt injection from untrusted files or MCP servers. The code execution occurs because additional commands are appended to the terminal auto-approve setting. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
TagCVE CountCVEs
Microsoft Edge for iOS1CVE-2025-62223
Windows Cloud Files Mini Filter Driver3CVE-2025-62454, CVE-2025-62457, CVE-2025-62221
Windows Resilient File System (ReFS)1CVE-2025-62456
Windows Win32K - GRFX1CVE-2025-62458
Windows Client-Side Caching (CSC) Service1CVE-2025-62466
Microsoft Brokering File System2CVE-2025-62469, CVE-2025-62569
Windows Common Log File System Driver1CVE-2025-62470
Windows Remote Access Connection Manager2CVE-2025-62472, CVE-2025-62474
Windows Routing and Remote Access Service (RRAS)3CVE-2025-62473, CVE-2025-62549, CVE-2025-64678
Microsoft Office Excel6CVE-2025-62561, CVE-2025-62563, CVE-2025-62564, CVE-2025-62553, CVE-2025-62556, CVE-2025-62560
Microsoft Office Outlook1CVE-2025-62562
Windows Installer1CVE-2025-62571
Application Information Services1CVE-2025-62572
Windows DirectX3CVE-2025-62573, CVE-2025-62463, CVE-2025-62465
Windows Shell3CVE-2025-64658, CVE-2025-62565, CVE-2025-64661
Microsoft Exchange Server2CVE-2025-64667, CVE-2025-64666
Microsoft Graphics Component1CVE-2025-64670
Storvsp.sys Driver1CVE-2025-64673
Microsoft Edge (Chromium-based)13CVE-2025-13640, CVE-2025-13639, CVE-2025-13638, CVE-2025-13637, CVE-2025-13636, CVE-2025-13635, CVE-2025-13720, CVE-2025-13721, CVE-2025-13634, CVE-2025-13633, CVE-2025-13632, CVE-2025-13631, CVE-2025-13630
Windows Storage VSP Driver2CVE-2025-59516, CVE-2025-59517
Windows Message Queuing1CVE-2025-62455
Windows Projected File System Filter Driver1CVE-2025-62461
Windows Projected File System4CVE-2025-62462, CVE-2025-62464, CVE-2025-55233, CVE-2025-62467
Windows Defender Firewall Service1CVE-2025-62468
Azure Monitor Agent1CVE-2025-62550
Microsoft Office Access1CVE-2025-62552
Microsoft Office2CVE-2025-62554, CVE-2025-62557
Microsoft Office Word3CVE-2025-62555, CVE-2025-62558, CVE-2025-62559
Windows Hyper-V1CVE-2025-62567
Windows Camera Frame Server Monitor1CVE-2025-62570
Copilot1CVE-2025-64671
Microsoft Office SharePoint1CVE-2025-64672
Windows DWM Core Library2CVE-2025-64679, CVE-2025-64680
Windows PowerShell1CVE-2025-54100

Other Information

At the time of publication, there were no new advisories included with the December Security Guidance. 

Off

Powered by the Fortra® Intelligence and Research Experts (FIRE) Team 

LEARN MORE
Related Products
Fortra Vulnerability Management
Related Solutions
Threat Research & Intelligence