
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

News Room
Last updated: 2025/12/10 at 4:54 AM
News Room Published 10 December 2025

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.

Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. The patched flaws comprise 29 privilege escalation, 18 remote code execution, four information disclosure, three denial-of-service, and two spoofing vulnerabilities.

Microsoft has addressed a total of 1,275 CVEs in 2025, according to data compiled by Fortra. Tenable’s Satnam Narang said 2025 also marks the second consecutive year in which the Windows maker has patched over 1,000 CVEs. It’s the third time it has done so since Patch Tuesday’s inception.

The update is in addition to 17 shortcomings the tech giant patched in its Chromium-based Edge browser since the release of the November 2025 Patch Tuesday update. This also includes a spoofing vulnerability in Edge for iOS (CVE-2025-62223, CVSS score: 4.3).

The vulnerability that has come under active exploitation is CVE-2025-62221 (CVSS score: 7.8), a use-after-free in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to elevate privileges locally and obtain SYSTEM permissions.

“File system filter drivers, aka minifilters, attach to the system software stack, and intercept requests targeted at a file system, and extend or replace the functionality provided by the original target,” Adam Barnett, lead software engineer at Rapid7, said in a statement. “Typical use cases include data encryption, automated backup, on-the-fly compression, and cloud storage.”

“The Cloud Files minifilter is used by OneDrive, Google Drive, iCloud, and others, although as a core Windows component, it would still be present on a system where none of those apps were installed.”

It’s currently not known how the vulnerability is being abused in the wild and in what context, but successful exploitation requires an attacker to obtain access to a susceptible system through some other means. Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw.

According to Mike Walters, president and co-founder of Action1, a threat actor could gain low-privileged access through methods like phishing, web browser exploits, or another known remote code execution flaw, and then chain it with CVE-2025-62221 to seize control of the host.

Armed with this access, the attacker could deploy kernel components or abuse signed drivers to evade defenses and maintain persistence, and the access can be weaponized to achieve a domain-wide compromise when coupled with credential theft scenarios.

The exploitation of CVE-2025-62221 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to apply the patch by December 30, 2025.

The remaining two zero-days are listed below –

  • CVE-2025-54100 (CVSS score: 7.8) – A command injection vulnerability in Windows PowerShell that allows an unauthorized attacker to execute code locally
  • CVE-2025-64671 (CVSS score: 8.4) – A command injection vulnerability in GitHub Copilot for JetBrains that allows an unauthorized attacker to execute code locally

“This is a command injection flaw in how Windows PowerShell processes web content,” Action1’s Alex Vovk said about CVE-2025-54100. “It lets an unauthenticated attacker execute arbitrary code in the security context of a user who runs a crafted PowerShell command, such as Invoke-WebRequest.”

“The threat becomes significant when this vulnerability is combined with common attack patterns. For example, an attacker can use social engineering to persuade a user or admin to run a PowerShell snippet using Invoke-WebRequest, allowing a remote server to return crafted content that triggers the parsing flaw and leads to code execution and implant deployment.”
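
An added example (not from the article, Microsoft or Action1): a Python heuristic that inventories calls to Invoke-WebRequest, the command named in the quote above, in PowerShell script text and reports those that do not pass `-UseBasicParsing`, the Windows PowerShell 5.1 switch that skips DOM parsing of the response. Treating the missing switch as the signal worth reviewing is this example's assumption; `audit`, `uses_basic_parsing` and the sample script are constructed for illustration.

```python
import re

# Names that resolve to Invoke-WebRequest in Windows PowerShell 5.1 (curl.exe is the real binary).
CALL_RE = re.compile(r"(?<![\w.\-$/\\])(invoke-webrequest|iwr|curl|wget)(?![\w.\-])", re.I)
PARAM_RE = re.compile(r"(?<!\w)-([a-z]+)(?::(\$?\w+))?", re.I)

def uses_basic_parsing(stmt):
    """True if the statement passes -UseBasicParsing (or an unambiguous prefix such as -UseB)."""
    for name, value in PARAM_RE.findall(stmt):
        name = name.lower()
        if name.startswith("useb") and "usebasicparsing".startswith(name):
            return value.lower() != "$false"   # -UseBasicParsing:$false turns it off again
    return False

def audit(script):
    """Return (start_line, command, statement) for each call that does not use basic parsing."""
    # Blank out <# ... #> block comments but keep their newlines so line numbers stay right.
    text = re.sub(r"<#.*?#>", lambda m: "\n" * m.group().count("\n"), script, flags=re.S)
    findings, buf, start = [], "", 0
    for no, line in enumerate(text.splitlines() + [""], 1):
        line = re.sub(r"(^|\s)#.*", "", line).rstrip()   # drop trailing comments (heuristic)
        if not buf:
            start = no
        if line.endswith("`"):                 # backtick = line continuation
            buf += line[:-1] + " "
            continue
        buf += line
        for stmt in re.split(r"[;|]", buf):    # one command per pipeline stage
            m = CALL_RE.search(stmt)
            if m and not uses_basic_parsing(stmt):
                findings.append((start, m.group(1), stmt.strip()))
        buf = ""
    return findings

# Constructed sample script, not taken from the article.
SAMPLE = """\
# nightly fetch job
$r = Invoke-WebRequest -Uri https://example.test/a
iwr https://example.test/b -UseBasicParsing | Out-Null
curl.exe -s https://example.test/c
wget https://example.test/d `
    -UseB -OutFile d.bin
(iwr $u -UseBasicParsing:$false).Links
"""

if __name__ == "__main__":
    for line_no, cmd, stmt in audit(SAMPLE):
        print(f"line {line_no}: {cmd} without -UseBasicParsing: {stmt}")
```

The matching is regex-based, so commands built dynamically or hidden inside strings need a real PowerShell parser to catch.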

It’s worth noting that CVE-2025-64671 comes in the wake of a broader set of security vulnerabilities collectively named IDEsaster that was recently disclosed by security researcher Ari Marzouk. The issues arise as a result of adding agentic capabilities to an integrated development environment (IDE), exposing new security risks in the process.

These attacks leverage prompt injections against the artificial intelligence (AI) agents embedded into IDEs and combine them with the base IDE layer to result in information disclosure or command execution.

“This uses an ‘old’ attack chain of using a vulnerable tool, so not exactly part of the IDEsaster novel attack chain,” Marzouk, who is credited with discovering and reporting the flaw, told The Hacker News. “Specifically, a vulnerable ‘execute command’ tool where you can bypass the user-configured allow list.”

Marzouk also said multiple IDEs were found vulnerable to the same attack, including Kiro.dev, Cursor (CVE-2025-54131), JetBrains Junie (CVE-2025-59458), Gemini CLI, Windsurf, and Roo Code (CVE-2025-54377, CVE-2025-57771, and CVE-2025-65946). Furthermore, GitHub Copilot for Visual Studio Code has been found to be susceptible to the vulnerability, although, in this case, Microsoft assigned it a “Medium” severity rating with no CVE.

“The vulnerability states that it’s possible to gain code execution on affected hosts by tricking the LLM into running commands that bypass the guardrails and appending instructions in the user’s ‘auto-approve’ settings,” Kev Breen, senior director of cyber threat research at Immersive, said.

“This can be achieved through ‘Cross Prompt Injection,’ which is where the prompt is modified not by the user but by the LLM agents as they craft their own prompts based on the content of files or data retrieved from a Model Context Protocol (MCP) server that has risen in popularity with agent-based LLMs.”

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify multiple vulnerabilities, including —

  • Adobe
  • Amazon Web Services
  • AMD
  • Arm
  • ASUS
  • Atlassian
  • Bosch
  • Broadcom (including VMware)
  • Canon
  • Cisco
  • Citrix
  • CODESYS
  • Dell
  • Devolutions
  • Drupal
  • F5
  • Fortinet
  • Fortra
  • GitLab
  • Google Android and Pixel
  • Google Chrome
  • Google Cloud
  • Google Pixel Watch
  • Hitachi Energy
  • HP
  • HP Enterprise (including Aruba Networking and Juniper Networks)
  • IBM
  • Imagination Technologies
  • Intel
  • Ivanti
  • Lenovo
  • Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
  • MediaTek
  • Mitsubishi Electric
  • MongoDB
  • Moxa
  • Mozilla Firefox and Firefox ESR
  • NVIDIA
  • OPPO
  • Progress Software
  • Qualcomm
  • React
  • Rockwell Automation
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SolarWinds
  • Splunk
  • Synology
  • TP-Link
  • WatchGuard
  • Zoom, and
  • Zyxel
