In its December 2025 Patch Tuesday update, Microsoft addressed a total of 57 vulnerabilities, featuring one actively exploited zero-day and six vulnerabilities classified as high-risk. This comprehensive update emphasizes the ongoing commitment to user security and systems integrity.
The zero-day vulnerability, identified as CVE-2025-62221, is rated at 7.8 and pertains to a Use After Free vulnerability in the Windows Cloud Files Mini Filter Driver. This particular flaw could enable authorized attackers to escalate their privileges locally, potentially gaining SYSTEM-level access. In response to this threat, CISA has promptly added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, underscoring its severity.
Microsoft’s Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) were instrumental in identifying this vulnerability, showcasing the company’s proactive approach to security threats.
Addressing Non-Microsoft Vulnerabilities
Alongside Microsoft’s vulnerabilities, the December update also tackled 13 non-Microsoft CVEs, primarily focused on vulnerabilities within Chromium-based browsers, particularly Microsoft Edge. This highlights the importance of patching even third-party vulnerabilities to protect users from potential exploits.
Various other vendors also took significant steps to enhance security during this patch cycle. Companies like Fortinet addressed CVEs such as CVE-2025-59718 and CVE-2025-59719. Ivanti issued a fix for CVE-2025-10573, while SAP released patches for multiple vulnerabilities, including CVE-2025-42880 and CVE-2025-42928, as well as vulnerabilities related to Apache Tomcat (CVE-2025-55754 and CVE-2025-55752).
High-Risk Vulnerabilities in the Update
Six vulnerabilities were flagged by Microsoft as having a high likelihood of exploitation, all rated at 7.8 under the Common Vulnerability Scoring System (CVSS) 3.1. Three of these vulnerabilities are categorized as Heap-based Buffer Overflows, highlighting a critical area of concern in security.
The high-risk vulnerabilities include:
- CVE-2025-59516: This vulnerability in the Windows Storage VSP Driver allows local privilege escalation due to a Missing Authentication for Critical Function flaw.
- CVE-2025-59517: Another vulnerability in the Windows Storage VSP Driver enables local privilege escalation due to improper access control.
- CVE-2025-62454: This Heap-based Buffer Overflow vulnerability in the Windows Cloud Files Mini Filter Driver also allows local privilege elevation.
- CVE-2025-62458: A Heap-based Buffer Overflow flaw in Windows Win32K – GRFX that permits local privilege escalation.
- CVE-2025-62470: This vulnerability affects the Windows Common Log File System Driver, allowing local privilege escalation through a Heap-based Buffer Overflow.
- CVE-2025-62472: In the Windows Remote Access Connection Manager, this vulnerability allows local privilege elevation through a flaw involving uninitialized resources.
High-Severity Vulnerabilities in Office and SharePoint
The December 2025 Patch Tuesday update also focused on several high-severity vulnerabilities within Office products and Microsoft services. The most severe of these were rated at 8.8. Microsoft indicated that, while these vulnerabilities are serious, they present a lower risk of exploitation compared to others.
Notable vulnerabilities include:
- CVE-2025-62549: A Remote Code Execution vulnerability in the Windows Routing and Remote Access Service (RRAS).
- CVE-2025-62550: A Remote Code Execution vulnerability related to the Azure Monitor Agent.
- CVE-2025-62456: A Remote Code Execution vulnerability in the Windows Resilient File System (ReFS).
- CVE-2025-64672: A spoofing vulnerability found in Microsoft SharePoint Server.
In addition, three vulnerabilities rated at 8.4 include:
- CVE-2025-64671: A Remote Code Execution vulnerability concerning GitHub Copilot for Jetbrains.
- CVE-2025-62557: A Remote Code Execution/Use After Free vulnerability in Microsoft Office.
- CVE-2025-62554: This vulnerability involves Remote Code Execution/Type Confusion in Microsoft Office.
