December Linux Patch Wednesday. In December, Linux vendors began fixing 650 vulnerabilities, roughly the same as in November. Of these, 399 are in the Linux Kernel. No vulnerabilities with signs of in-the-wild exploitation were detected.
For 29 vulnerabilities, public exploits are available or there are indications of their existence. The following can be highlighted:
🔸 RCE – JupyterLab Extension Template (CVE-2024-39700), fontTools (CVE-2025-66034), Cacti (CVE-2025-66399), CUPS (CVE-2025-64524)
🔸 XXE – Apache Tika (CVE-2025-66516)
🔸 SQLi – phpPgAdmin (CVE-2025-60797, CVE-2025-60798)
🔸 AuthBypass – cpp-httplib (CVE-2025-66570)
🔸 OpenRedirect – Chromium (CVE-2024-13983)
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.